CVE-2025-66513

4.3 MEDIUM

📋 TL;DR

Nextcloud Tables had an authorization bypass vulnerability where unprivileged users could view which tables were shared with which groups/users and their permissions. This affects Nextcloud instances with the Tables app installed before versions 0.8.9, 0.9.6, or 1.0.1.

💻 Affected Systems

Products:
  • Nextcloud Tables
Versions: All versions before 0.8.9, 0.9.6, and 1.0.1
Operating Systems: All platforms running Nextcloud
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects instances with the Tables app installed and enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthorized users could map all table sharing relationships across the instance, potentially identifying sensitive data repositories and their access controls.

🟠 Likely Case

Internal users could discover tables they shouldn't have access to, leading to information disclosure about organizational data structures.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to metadata exposure rather than actual data content.

🌐 Internet-Facing: MEDIUM - While the vulnerability requires authentication, internet-facing instances could allow attackers who gain initial access to map internal data structures.
🏢 Internal Only: MEDIUM - Internal users could abuse this to discover sensitive tables and their sharing configurations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but minimal technical skill to query the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.8.9, 0.9.6, or 1.0.1

Vendor Advisory: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2cwj-qp49-4xfw

Restart Required: No

Instructions:

1. Update Nextcloud Tables app via Nextcloud app store or manual installation.
2. For version 0.8.x: update to 0.8.9.
3. For version 0.9.x: update to 0.9.6.
4. For version 1.0.x: update to 1.0.1.

🔧 Temporary Workarounds

Disable Tables App

Temporarily disable the Tables app if immediate patching isn't possible:

occ app:disable tables

🧯 If You Can't Patch

  • Restrict user access to only trusted individuals who need table functionality
  • Implement additional monitoring for unusual table access patterns

🔍 How to Verify

Check if Vulnerable:

Check the Tables app version in the Nextcloud admin settings or with the occ command below. The instance is vulnerable if the installed version is below the fixed release for its branch: 0.8.x below 0.8.9, 0.9.x below 0.9.6, or 1.0.x below 1.0.1.

Check Version:

occ app:list | grep tables

Verify Fix Applied:

Confirm that the Tables app version is at least the fixed release for its branch (0.8.9, 0.9.6, or 1.0.1) or later.
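A branch-aware version check, added here as an example (not part of this advisory or of the Nextcloud project): it parses `occ app:list` output and flags the installed Tables version as affected when it is below the fixed release for its branch. The sample app:list output is constructed, and treating branches newer than 1.0 as already fixed is an assumption.

```shell
#!/bin/sh
# Constructed sample of `occ app:list` output (not captured from a real instance).
SAMPLE_APP_LIST='Enabled:
  - files: 1.10.0
  - tables: 0.9.4
Disabled:
  - contacts'

# Print the installed Tables version found in app:list output, or nothing if absent.
tables_version() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*- tables: *\([0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 (true) when a Tables version is affected by CVE-2025-66513:
# 0.8.x before 0.8.9, 0.9.x before 0.9.6, 1.0.x before 1.0.1.
tables_vulnerable() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    case "$major.$minor" in
        0.8) [ "$patch" -lt 9 ] ;;
        0.9) [ "$patch" -lt 6 ] ;;
        1.0) [ "$patch" -lt 1 ] ;;
        *)
            # Assumption: branches older than 0.8 are affected,
            # branches newer than 1.0 already carry the fix.
            [ "$major" -eq 0 ] && [ "$minor" -lt 8 ]
            ;;
    esac
}

# Report the status for one app:list capture; exit status 0 means "update needed".
check_app_list() {
    ver=$(tables_version "$1")
    if [ -z "$ver" ]; then
        echo "tables: not installed, not affected"; return 1
    elif tables_vulnerable "$ver"; then
        echo "tables $ver: affected by CVE-2025-66513, update to 0.8.9 / 0.9.6 / 1.0.1"; return 0
    else
        echo "tables $ver: fixed"; return 1
    fi
}

# Live use (path and web user depend on the install):
#   check_app_list "$(sudo -u www-data php occ app:list)"
check_app_list "$SAMPLE_APP_LIST"
```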

📡 Detection & Monitoring

Log Indicators:

  • Unusual volume of requests to table sharing/API endpoints
  • Access patterns from users who shouldn't have table visibility

Network Indicators:

  • Repeated API calls to /apps/tables/api endpoints from non-admin users

SIEM Query:

source="nextcloud" AND (uri_path="/apps/tables/api/*" OR app="tables") | stats count by user
