CVE-2025-58051
📋 TL;DR
This vulnerability in Nextcloud Tables allows authenticated users to read arbitrary files from the server by importing specially crafted tables. The attacker can specify server file paths during table import, and if the file format is supported by PhpSpreadsheet, its contents are leaked to the user. This affects all Nextcloud instances running vulnerable versions of the Tables app.
💻 Affected Systems
- Nextcloud Tables
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could read sensitive server files including configuration files, database credentials, or other application data, potentially leading to full system compromise.
Likely Case
Authenticated users with table import permissions can read arbitrary files accessible to the web server process, potentially exposing sensitive information.
If Mitigated
With proper access controls and file permissions, impact is limited to files readable by the web server user, but sensitive data could still be exposed.
🎯 Exploit Status
Exploitation requires authenticated access and knowledge of server file paths. The vulnerability is path traversal through file import functionality.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.7.6, 0.8.8, or 0.9.5
Vendor Advisory: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wpp5-4w35-pxq6
Restart Required: No
Instructions:
1. Log into the Nextcloud admin panel.
2. Go to the Apps section.
3. Find the Tables app.
4. Update to version 0.7.6, 0.8.8, or 0.9.5.
5. Verify that the update completed successfully.
🔧 Temporary Workarounds
Disable Tables app (platform: all)
Temporarily disable the Tables app until patching is possible:
occ app:disable tables
Restrict file permissions (platform: Linux/Unix)
Limit web server user permissions to sensitive directories:
chmod 600 /path/to/sensitive/files
chown root:root /path/to/sensitive/files
This only helps for files Nextcloud itself does not need to read; files the application must open (for example config/config.php) have to stay readable by the web server user, so this workaround cannot prevent those from being read through the import.
🧯 If You Can't Patch
- Disable the Tables app entirely using the occ command
- Implement strict file system permissions to limit web server user access to sensitive files
🔍 How to Verify
Check if Vulnerable:
Check Tables app version in Nextcloud admin panel or run: occ app:list | grep tables
Check Version:
occ app:list | grep tables
Verify Fix Applied:
Verify that the Tables app version is 0.7.6, 0.8.8, or 0.9.5, or a later release on the same branch. Compare within the branch, not numerically across branches: 0.8.0 is numerically above 0.7.6 but is still below its own branch's fix, 0.8.8.
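A version check that applies the per-branch rule above to `occ app:list` output, as an added example that is not part of this advisory or of the Nextcloud project. It assumes the `  - app: version` line format of `occ app:list` and uses constructed sample output; on a real instance, run the command as the web server user and pipe its output into the script.

```python
"""Check an installed Nextcloud Tables version against the fixed releases
(0.7.6, 0.8.8, 0.9.5) on a per-branch basis.

Added example, not part of the advisory or of the Nextcloud project. The
`occ app:list` output below is constructed sample text and the "  - app: version"
line format is an assumption; run the real command as the web server user
(e.g. `sudo -u www-data php occ app:list`) and pipe it into this script.
"""
import re
import sys

# Fixed versions from the advisory, keyed by release branch (major, minor).
FIXED = {
    (0, 7): (0, 7, 6),
    (0, 8): (0, 8, 8),
    (0, 9): (0, 9, 5),
}

# Constructed sample of `occ app:list` output.
SAMPLE_OCC_OUTPUT = """\
Enabled:
  - activity: 2.20.0
  - files: 2.0.0
  - tables: 0.8.7
Disabled:
  - weather_status: 1.10.0
"""


def parse_version(text):
    """Turn '0.8.7' into (0, 8, 7); a non-numeric suffix ends the parse."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def find_app_version(occ_output, app="tables"):
    """Return the version string listed for `app`, or None if absent."""
    pattern = re.compile(r"^\s*-\s*" + re.escape(app) + r":\s*(\S+)", re.MULTILINE)
    m = pattern.search(occ_output)
    return m.group(1) if m else None


def is_fixed(version_text):
    """True/False for the 0.7, 0.8 and 0.9 branches; None for any other
    branch, which the advisory does not cover.

    The comparison is per branch on purpose: 0.8.0 is numerically above
    0.7.6 but is still below its own branch's fix, 0.8.8.
    """
    v = parse_version(version_text)
    if len(v) < 2:
        raise ValueError("unparseable version: %r" % (version_text,))
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return None
    return v >= fixed


def assess(occ_output):
    """One-line verdict for the Tables app found in occ output."""
    ver = find_app_version(occ_output)
    if ver is None:
        return "tables app not listed"
    verdict = is_fixed(ver)
    if verdict is None:
        return "%s: branch not covered by the advisory, check the vendor advisory" % ver
    return "%s: %s" % (ver, "fixed" if verdict else "VULNERABLE")


if __name__ == "__main__":
    data = SAMPLE_OCC_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    print(assess(data))
```

Run with no input to see the verdict for the constructed sample, or `sudo -u www-data php occ app:list | python3 check_tables.py` on a live instance. Branches outside 0.7 to 0.9 are deliberately reported as not covered rather than assumed safe.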
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in web server logs
- Multiple failed import attempts with file paths
- Access to sensitive file paths via Tables import
Network Indicators:
- Unusual POST requests to Tables import endpoints with file path parameters
SIEM Query:
source="nextcloud.log" AND "tables" AND "import" AND ("file" OR "path")
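The same idea as the SIEM query above, applied to local log lines: an added example, not from this advisory or from Nextcloud, that flags Tables import requests whose logged details carry an absolute path outside the data directory or an upward-traversing path. It assumes the JSON-lines layout of nextcloud.log (fields such as reqId, remoteAddr, user, app, method, url, message), that the import file path appears in the message field, an import endpoint URL and a data directory location; the log lines themselves are constructed.

```python
"""Flag Tables import requests whose logged details carry a suspicious server
path, over constructed nextcloud.log lines.

Added example, not from the advisory or from Nextcloud. Assumptions: the
JSON-lines format of nextcloud.log, that the imported file path is present in
the "message" field, the "/apps/tables/.../import/..." URL shape, and the data
directory in DATA_ROOT. All sample lines are constructed.
"""
import json
import re

# Constructed sample log lines (one JSON object per line, plus one junk line).
SAMPLE_LOG = """\
{"reqId":"a1","level":1,"time":"2025-09-01T10:00:00+00:00","remoteAddr":"10.0.0.5","user":"alice","app":"tables","method":"POST","url":"/apps/tables/api/1/import/table/7","message":"import from file: /var/www/nextcloud/data/alice/files/budget.xlsx"}
{"reqId":"a2","level":2,"time":"2025-09-01T10:00:05+00:00","remoteAddr":"10.0.0.9","user":"mallory","app":"tables","method":"POST","url":"/apps/tables/api/1/import/table/7","message":"import from file: /var/www/nextcloud/config/config.php"}
{"reqId":"a3","level":2,"time":"2025-09-01T10:00:06+00:00","remoteAddr":"10.0.0.9","user":"mallory","app":"tables","method":"POST","url":"/apps/tables/api/1/import/table/7","message":"import from file: ../../../../etc/hostname"}
{"reqId":"a4","level":1,"time":"2025-09-01T10:01:00+00:00","remoteAddr":"10.0.0.5","user":"alice","app":"files","method":"GET","url":"/apps/files/","message":"listing"}
not json at all
"""

# Path-like tokens: a run of "../" components, or an absolute path.
PATH_RE = re.compile(r"(?:^|\s)((?:\.\./)+\S*|/\S+)")

# Assumed Nextcloud data directory; adjust to the instance's datadirectory.
DATA_ROOT = "/var/www/nextcloud/data/"


def extract_path(message):
    """First path-like token in a log message, or None."""
    m = PATH_RE.search(message)
    return m.group(1) if m else None


def is_suspicious(path):
    """Suspicious = traverses upward, or absolute but outside the data root."""
    if path is None:
        return False
    if ".." in path.split("/"):
        return True
    return not path.startswith(DATA_ROOT)


def scan(log_text):
    """Return one record per Tables import request with a suspicious path."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip non-JSON noise such as stack traces
        if rec.get("app") != "tables" or "import" not in rec.get("url", ""):
            continue
        path = extract_path(rec.get("message", ""))
        if is_suspicious(path):
            hits.append({
                "reqId": rec.get("reqId"),
                "time": rec.get("time"),
                "user": rec.get("user"),
                "remoteAddr": rec.get("remoteAddr"),
                "path": path,
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("%(time)s %(user)s@%(remoteAddr)s import of %(path)s (reqId %(reqId)s)" % hit)
```

Two of the four constructed requests are flagged, both from the same user and address, which is the grouping a triage query would pivot on (user, source address, request id). Tune DATA_ROOT and the URL test to the instance before relying on it.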