CVE-2025-66547

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Server and Enterprise Server versions prior to 31.0.1

Description Non-privileged users can modify tags on files they should not have access to through bulk tagging. This affects a self-hosted personal cloud system.

Recommendations Update to version 31.0.1 or later.

Exploit

Fix

LPE

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

BDU:2026-03382

CVE-2025-66547

GHSA-HQ6C-R898-FGF2

Affected Products

Nextcloud Enterprise Server

Nextcloud Server

Red Os

CVE-2025-66547

Weakness Enumeration

Related Identifiers

Affected Products

References · 16