CVE-2025-59716

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions ownCloud Guests versions prior to 0.12.5

Description The application allows unauthenticated user enumeration through the /apps/guests/register/{email}/{token} API endpoint. Insufficient validation of the supplied token within the showPasswordForm function causes the server to respond differently based on whether the provided email address corresponds to a valid pending guest user or a non-existent user.

Recommendations Update ownCloud Guests to version 0.12.5 or later.

Exploit

Fix

Side Channel Attack

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203CWE-200

Related Identifiers

CVE-2025-59716

Affected Products

Owncloud Guests

CVE-2025-59716

Weakness Enumeration

Related Identifiers

Affected Products

References · 9