CVE-2025-66551

6.3 MEDIUM

📋 TL;DR

This vulnerability in Nextcloud Tables allows authenticated malicious users to move columns they created into other users' tables without authorization. This affects all Nextcloud instances running Tables versions before 0.8.6 or 0.9.3. The attack requires a valid user account but no special privileges.

💻 Affected Systems

Products:
  • Nextcloud Tables
Versions: 0.8.x before 0.8.6 and 0.9.x before 0.9.3 (any release older than 0.8.6, e.g. 0.7.x, is also affected)
Operating Systems: All platforms running Nextcloud
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the Tables app to be installed and enabled. All Nextcloud deployments with vulnerable Tables versions are affected.

📦 What is this software?

Nextcloud Tables is an app for the Nextcloud collaboration platform that lets users create structured tables (columns, rows and views) and share them with other users or groups. It is installed from the Nextcloud app store and is not part of the core server.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious users could manipulate or corrupt other users' table structures, potentially causing data integrity issues or disrupting legitimate users' workflows.

🟠

Likely Case

Unauthorized modification of table schemas leading to confusion, data display issues, or minor workflow disruption for affected users.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to isolated table structure changes that can be audited and reverted.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires only an ordinary authenticated account (any user who can create a table of their own); no admin or elevated role is needed. Once the missing authorization check is known, the column move is a single API request, so complexity is low even without a public PoC.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.8.6 or 0.9.3

Vendor Advisory: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w787-vwqp-8wr7

Restart Required: No

Instructions:

1. Update the Nextcloud Tables app to 0.8.6 (0.8 branch) or 0.9.3 (0.9 branch) via the Nextcloud app store, with occ app:update tables from the command line, or by manual installation.
2. No server restart is required; the app update takes effect immediately.
3. Verify the installed version with occ app:list (see "How to Verify" below).

🔧 Temporary Workarounds

Disable Tables App

Temporarily disable the Tables app to prevent exploitation while planning the update. Disabling the app removes Tables access for all users but does not delete table data; re-enable it with occ app:enable tables after updating. Run occ as the web server user (www-data on Debian/Ubuntu):

sudo -u www-data php occ app:disable tables

🧯 If You Can't Patch

  • Restrict user account creation and monitor existing user activities
  • Implement additional table access logging and alert on suspicious column modifications

🔍 How to Verify

Check if Vulnerable:

Check the Tables app version in Nextcloud admin settings (Apps), or on the command line as the web server user:

sudo -u www-data php occ app:list | grep tables

The output line looks like "  - tables: 0.8.5". You are vulnerable if the version is older than 0.8.6, or is 0.9.0 through 0.9.2.

Verify Fix Applied:

Confirm the Tables version is 0.8.6 or later on the 0.8 branch, or 0.9.3 or later on the 0.9 branch, in the app settings or in the occ app:list output.
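The version check above is easy to get wrong by hand because there are two fixed branches (0.8.6 and 0.9.3) and a plain string comparison treats "0.10.0" as older than "0.9.3". The following is an added example (not code from the page or from the Nextcloud project) that parses occ app:list output and applies the branch-aware rule from the advisory. It assumes that any branch newer than 0.9 carries the fix, and the sample app:list text is constructed, not captured from a real server.

```python
import re
import sys
from typing import Optional, Tuple

# Fixed versions from the advisory: 0.8.6 (0.8 branch) and 0.9.3 (0.9 branch).
FIXED_08 = (0, 8, 6)
FIXED_09 = (0, 9, 3)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '0.8.5' into (0, 8, 5); ignores trailing tags such as '-rc1'."""
    core = re.match(r"\d+(?:\.\d+)*", v.strip())
    if not core:
        raise ValueError(f"unparseable version: {v!r}")
    parts = tuple(int(p) for p in core.group(0).split("."))
    return parts + (0,) * (3 - len(parts))  # pad to major.minor.patch


def is_vulnerable(version: str) -> bool:
    v = parse_version(version)
    if v < FIXED_08:
        return True              # anything older than 0.8.6, including 0.7.x
    if (0, 9, 0) <= v < FIXED_09:
        return True              # 0.9.0 .. 0.9.2
    return False                 # 0.8.6+, 0.9.3+ (assumption: later branches include the fix)


def tables_version_from_app_list(output: str) -> Optional[str]:
    """Extract the Tables version from occ app:list output ('  - tables: 0.8.5')."""
    m = re.search(r"^\s*-\s*tables:\s*(\S+)\s*$", output, re.MULTILINE)
    return m.group(1) if m else None


def assess(app_list_output: str) -> str:
    ver = tables_version_from_app_list(app_list_output)
    if ver is None:
        return "tables: not installed (not affected)"
    status = "VULNERABLE" if is_vulnerable(ver) else "fixed"
    return f"tables {ver}: {status}"


# Constructed sample of occ app:list output for offline use; not real server output.
SAMPLE_APP_LIST = """Enabled:
  - activity: 3.0.0
  - tables: 0.8.5
  - text: 4.1.0
Disabled:
  - encryption
"""

if __name__ == "__main__":
    # Usage: sudo -u www-data php occ app:list | python3 check_tables.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_APP_LIST
    print(assess(data))
```

Pipe the real occ app:list output into the script on each server; when run interactively it falls back to the constructed sample and reports it as vulnerable.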

📡 Detection & Monitoring

Log Indicators:

  • Column modification events in Nextcloud logs that target tables the acting user does not own
  • Multiple column move operations from a single user in a short window

Caveat: nextcloud.log only contains what apps choose to log at the configured loglevel; at the default level (2, warning) a successful column move typically leaves no entry. For request-level visibility, use the web server or reverse proxy access log, or raise the Nextcloud loglevel temporarily while investigating.

Network Indicators:

  • Requests to the Tables column endpoints (the advisory does not name a specific URL; match on the Tables app path and column operations in your own traffic) from unexpected users or source addresses

SIEM Query (illustrative; field names assume Nextcloud's JSON log fields app, method, url and user):

source="nextcloud.log" app="tables" method IN ("PUT","POST") url="*column*" | stats count by user
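The burst heuristic in the log indicators ("multiple column move operations from a single user") can be run outside a SIEM. Below is an added example (not code from the page or from Nextcloud) that reads Nextcloud's JSON-per-line log format, keeps a sliding window of mutating requests to column URLs per user, and flags users who exceed a threshold. The URL pattern for column operations is an assumption, since the advisory names no endpoint; the log lines are constructed to follow Nextcloud's field names and are not real data. Entries are assumed to be in chronological order, as an appended log is.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed URL shape for Tables column operations (not from the advisory);
# adjust to what your own access log shows for column moves.
COLUMN_OP = re.compile(r"/apps/tables/.*column", re.IGNORECASE)
MUTATING = {"POST", "PUT", "PATCH"}


def parse_nextcloud_log(text):
    """Yield dicts from Nextcloud's JSON-per-line log; non-JSON lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def parse_time(ts):
    # Nextcloud writes ISO-8601 with a numeric offset, e.g. 2025-11-20T10:15:03+00:00
    return datetime.fromisoformat(ts)


def find_bursts(entries, threshold=5, window=timedelta(minutes=5)):
    """Return {user: peak_count} for users issuing >= threshold mutating
    column requests inside any sliding window of `window` length."""
    per_user = defaultdict(deque)
    flagged = {}
    for e in entries:
        if e.get("method") not in MUTATING:
            continue
        if not COLUMN_OP.search(e.get("url", "")):
            continue
        user = e.get("user") or "--"
        t = parse_time(e["time"])
        q = per_user[user]
        q.append(t)
        while q and t - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[user] = max(flagged.get(user, 0), len(q))
    return flagged


def _line(t, user, method, url):
    # Constructed entry using Nextcloud's JSON log field names; not captured log data.
    return json.dumps({"reqId": "x", "level": 0, "time": t, "remoteAddr": "10.0.0.5",
                       "user": user, "app": "tables", "method": method, "url": url,
                       "message": "constructed"})


SAMPLE_LOG = "\n".join([
    _line("2025-11-20T10:15:01+00:00", "alice", "PUT", "/index.php/apps/tables/column/12"),
    "not a json line (e.g. a PHP warning spilled into the file)",
    # six column PUTs from one user within 30 seconds
    *[_line(f"2025-11-20T10:15:{s:02d}+00:00", "mallory", "PUT",
            f"/index.php/apps/tables/column/{i}")
      for i, s in enumerate(range(5, 35, 5), start=20)],
    _line("2025-11-20T10:16:00+00:00", "mallory", "GET", "/index.php/apps/tables/column/99"),
])


def detect(log_text, threshold=5):
    return find_bursts(parse_nextcloud_log(log_text), threshold=threshold)


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The GET and the single PUT from alice are ignored; only the six mutating requests from mallory cross the threshold. Tune threshold and window to the normal edit rate on your instance before alerting on the result.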

🔗 References

  • Vendor advisory (GHSA-w787-vwqp-8wr7): https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w787-vwqp-8wr7