CVE-2025-66553

4.3 MEDIUM

📋 TL;DR

CVE-2025-66553 is an authorization bypass vulnerability in Nextcloud Tables where authenticated users can view metadata of columns in other tables by manipulating numeric IDs in requests. This affects Nextcloud instances with the Tables app installed, allowing unauthorized access to table structure information. The vulnerability impacts authenticated users who have access to at least one table.

💻 Affected Systems

Products:
  • Nextcloud Tables
Versions: prior to 0.8.7 (0.8 branch) and prior to 0.9.4 (0.9 branch)
Operating Systems: All platforms running Nextcloud
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Nextcloud instances with the Tables app installed and enabled. Requires authenticated user access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could map all table structures in the system, potentially identifying sensitive data columns and planning further attacks based on discovered metadata patterns.

🟠 Likely Case

Unauthorized users viewing metadata of tables they shouldn't access, potentially revealing column names, data types, and relationships that could inform social engineering or targeted attacks.

🟢 If Mitigated

Limited exposure of non-sensitive metadata with no direct data access, though still a violation of authorization boundaries.

🌐 Internet-Facing: MEDIUM - Internet-facing Nextcloud instances are vulnerable if attackers obtain valid credentials, but exploitation requires authentication.
🏢 Internal Only: MEDIUM - Internal users with legitimate access could abuse this to explore table structures beyond their authorization.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Simple ID manipulation in requests

Exploitation requires authenticated access and involves modifying numeric IDs in API requests to access unauthorized table metadata.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.8.7 or 0.9.4

Vendor Advisory: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-p53h-6294-crjw

Restart Required: No

Instructions:

1. Update the Nextcloud Tables app to version 0.8.7 or 0.9.4 via the Nextcloud app store or manual installation.
2. Verify the update completed successfully.
3. No server restart is required.

🔧 Temporary Workarounds

Disable Tables App (platform: linux)

Temporarily disable the Tables app if it is not essential:

occ app:disable tables

Restrict User Permissions (platform: all)

Limit which users can access the Tables app.

🧯 If You Can't Patch

  • Implement strict access controls and monitor for unusual table metadata access patterns
  • Use network segmentation to isolate Nextcloud instances and limit exposure

🔍 How to Verify

Check if Vulnerable:

Check Tables app version in Nextcloud admin settings or run: occ app:list | grep tables

Check Version:

occ app:list | grep tables

Verify Fix Applied:

Confirm the installed Tables app version is 0.8.7 or later on the 0.8 branch, or 0.9.4 or later on the 0.9 branch, and test that ID manipulation no longer returns unauthorized metadata.
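The version check above is easy to get wrong by hand, because the vulnerable range is not a single "less than" comparison: 0.8.8 is fixed while 0.9.0 is not. The following script, an added example that is not part of the advisory, parses the output of `occ app:list` and classifies the installed Tables app as vulnerable, patched, disabled or not installed. It assumes `occ app:list` prints an "Enabled:" and a "Disabled:" section with lines of the form `  - appid: version`; the sample output is constructed.

```python
"""Classify an installed Nextcloud Tables app against the CVE-2025-66553
version ranges (fixed in 0.8.7 on the 0.8 branch and 0.9.4 on the 0.9 branch).

Added example; not the advisory's or the Tables project's own code.
Assumption: `occ app:list` output uses "Enabled:"/"Disabled:" sections with
"  - appid: version" lines.
"""
import re
from typing import Optional, Tuple

# Fixed releases named in the advisory.
FIXED_0_8 = (0, 8, 7)
FIRST_0_9 = (0, 9, 0)
FIXED_0_9 = (0, 9, 4)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '0.8.5' into (0, 8, 5); a pre-release suffix such as '-beta1' is ignored."""
    core = version.split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def is_vulnerable(version: str) -> bool:
    """True when the version falls in either vulnerable range:
    anything below 0.8.7, or 0.9.0 up to (not including) 0.9.4."""
    v = parse_version(version)
    if v < FIXED_0_8:
        return True
    return FIRST_0_9 <= v < FIXED_0_9


def tables_status_from_occ(occ_output: str) -> Optional[Tuple[str, bool]]:
    """Return (version, enabled) for the tables app, or None if it is not listed."""
    enabled: Optional[bool] = None
    for line in occ_output.splitlines():
        stripped = line.strip()
        if stripped == "Enabled:":
            enabled = True
            continue
        if stripped == "Disabled:":
            enabled = False
            continue
        match = re.match(r"-\s*tables:\s*(\S+)", stripped)
        if match and enabled is not None:
            return match.group(1), enabled
    return None


def assess(occ_output: str) -> str:
    """Map occ output to one of: not-installed, disabled, vulnerable, patched."""
    status = tables_status_from_occ(occ_output)
    if status is None:
        return "not-installed"
    version, enabled = status
    if not enabled:
        return "disabled"  # installed but not exposed
    return "vulnerable" if is_vulnerable(version) else "patched"


# Constructed sample of `occ app:list` output for demonstration.
SAMPLE_OCC_OUTPUT = """Enabled:
  - activity: 2.19.0
  - tables: 0.9.2
Disabled:
  - survey_client: 1.0.0
"""

if __name__ == "__main__":
    # On a real host: sudo -u www-data php occ app:list | python3 this_script.py
    print(assess(SAMPLE_OCC_OUTPUT))
```

Pipe the real `occ app:list` output into `assess()` on the host; the classification intentionally treats a disabled Tables app as not exposed, matching the advisory's note that the issue requires the app to be enabled.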

📡 Detection & Monitoring

Log Indicators:

  • Unusual sequence of column metadata requests
  • Requests with rapidly changing numeric IDs in table-related endpoints

Network Indicators:

  • Patterns of sequential ID requests to Tables API endpoints

SIEM Query:

source="nextcloud.log" AND "tables" AND ("column" OR "metadata") AND status=200 | stats count by user, request_uri
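The log indicators above (rapidly changing numeric IDs in table-related endpoints) can be turned into a concrete check. The script below is an added example, not part of the advisory: it reads web-server access log lines, keeps successful requests to a per-column Tables endpoint, and flags any user who fetches metadata for many distinct column IDs within a short window, also noting whether the IDs are consecutive. It assumes combined-format access logs with the authenticated Nextcloud user in the third field and a route whose last segment is the numeric column ID; the route shape and the log lines are constructed for the example and may need adjusting to what your instance actually logs.

```python
"""Detect column-ID enumeration against Nextcloud Tables in access logs.

Added example; not the advisory's or the Tables project's own code.
Assumptions: combined-log-format lines with the Nextcloud user in the third
field, and a per-column endpoint ending in the numeric column ID (the real
route may differ; adjust COLUMN_REQ to the paths observed on your instance).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Assumed route shape for column metadata requests.
COLUMN_REQ = re.compile(r"/apps/tables/api/\d+/columns/(\d+)(?:[/?]|$)")

# Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str) -> Optional[Tuple[str, datetime, int]]:
    """Return (user, timestamp, column_id) for successful column-metadata
    requests; None for other routes, non-200 responses or unparsable lines."""
    m = LOG_LINE.match(line)
    if not m or m["status"] != "200":
        return None
    col = COLUMN_REQ.search(m["path"])
    if not col:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["user"], ts, int(col.group(1))


def find_enumeration(lines: List[str], window_seconds: int = 60,
                     min_distinct: int = 10) -> Dict[str, dict]:
    """For each user, find the sliding window of `window_seconds` holding the
    most distinct column IDs; report users at or above `min_distinct`."""
    per_user: Dict[str, List[Tuple[datetime, int]]] = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            user, ts, col_id = parsed
            per_user[user].append((ts, col_id))

    window = timedelta(seconds=window_seconds)
    alerts: Dict[str, dict] = {}
    for user, events in per_user.items():
        events.sort()
        best_ids: set = set()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            ids = {cid for _, cid in events[start:end + 1]}
            if len(ids) > len(best_ids):
                best_ids = ids
        if len(best_ids) >= min_distinct:
            ordered = sorted(best_ids)
            # Consecutive IDs are the signature of someone walking the ID space.
            sequential = all(b - a == 1 for a, b in zip(ordered, ordered[1:]))
            alerts[user] = {
                "distinct_ids": len(best_ids),
                "sequential": sequential,
                "id_range": (ordered[0], ordered[-1]),
            }
    return alerts


# Constructed sample log: alice walks IDs 41..52 in twelve seconds, bob re-reads
# his own two columns, plus one unrelated request and one denied request.
SAMPLE_LOG = [
    *[f'10.0.0.5 - alice [12/Mar/2025:10:00:{s:02d} +0000] '
      f'"GET /index.php/apps/tables/api/1/columns/{41 + i} HTTP/1.1" 200 512'
      for i, s in enumerate(range(1, 13))],
    '10.0.0.9 - bob [12/Mar/2025:10:05:00 +0000] "GET /index.php/apps/tables/api/1/columns/7 HTTP/1.1" 200 498',
    '10.0.0.9 - bob [12/Mar/2025:10:05:03 +0000] "GET /index.php/apps/tables/api/1/columns/7 HTTP/1.1" 200 498',
    '10.0.0.9 - bob [12/Mar/2025:10:05:10 +0000] "GET /index.php/apps/tables/api/1/columns/8 HTTP/1.1" 200 501',
    '10.0.0.9 - bob [12/Mar/2025:10:05:12 +0000] "GET /index.php/apps/files/ HTTP/1.1" 200 2048',
    '10.0.0.5 - alice [12/Mar/2025:10:00:20 +0000] "GET /index.php/apps/tables/api/1/columns/99 HTTP/1.1" 403 64',
]

if __name__ == "__main__":
    for user, info in find_enumeration(SAMPLE_LOG).items():
        print(f"{user}: {info}")
```

Only successful (200) responses count, in line with the SIEM query above: after the patch the same probing shows up as denied responses instead, so a sudden shift from 200s to 403s on these routes is itself worth a look. Tune `min_distinct` and `window_seconds` to how many columns a legitimate user of your instance actually opens.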
