PT-2025-49289 · Nextcloud+1 · Nextcloud Calendar+1
Published: 2025-12-05 · Updated: 2026-02-09
CVE-2025-66546
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud Calendar versions prior to 4.7.19
Nextcloud Calendar versions prior to 5.5.6
Nextcloud Calendar versions prior to 6.0.1
Description
The Nextcloud Calendar application contained a flaw that allowed appointments to be booked without knowing the appointment token, by using a sequential ID instead. This potentially allowed unauthorized scheduling of calendar events.
Recommendations
Update Nextcloud Calendar to version 4.7.19 or later.
Update Nextcloud Calendar to version 5.5.6 or later.
Update Nextcloud Calendar to version 6.0.1 or later.
Exploit
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Nextcloud Calendar
Red Os