PT-2025-49301 · Nextcloud · Nextcloud Talk
Published
2025-12-05
·
Updated
2025-12-09
·
CVE-2025-66556
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Nextcloud talk versions prior to 20.1.8
Nextcloud talk versions prior to 21.1.2
Description
A participant with chat permissions could delete poll drafts of other participants within a conversation by using their numeric ID. This issue affects Nextcloud talk, a video and audio conferencing application for Nextcloud.
Recommendations
Update Nextcloud talk to version 20.1.8 or later.
Update Nextcloud talk to version 21.1.2 or later.
Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nextcloud Talk