CVE-2025-66556

3.5 LOW

📋 TL;DR

This vulnerability in Nextcloud Talk allows participants with chat permissions to delete poll drafts created by other participants within the same conversation by exploiting numeric ID enumeration. It affects Nextcloud Talk instances running versions before 20.1.8 and 21.1.2.

💻 Affected Systems

Products:
  • Nextcloud Talk
Versions: Versions before 20.1.8 and 21.1.2
Operating Systems: All platforms running Nextcloud
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects users with chat permissions in conversations where polls are used.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Malicious participants could disrupt meeting workflows by deleting important poll drafts, potentially causing confusion or data loss in collaborative sessions.

🟠 Likely Case

Participants could delete poll drafts from other users, causing minor disruption to meeting preparation and requiring recreation of polls.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to temporary inconvenience and minor data loss.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with chat permissions and knowledge of numeric poll IDs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20.1.8 or 21.1.2

Vendor Advisory: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh

Restart Required: No

Instructions:

1. Update Nextcloud Talk to version 20.1.8 (for Nextcloud 20) or 21.1.2 (for Nextcloud 21).
2. Verify the update completed successfully.
3. No service restart required.

🔧 Temporary Workarounds

Restrict chat permissions

all

Temporarily limit chat permissions to trusted users only to reduce attack surface.

Disable poll feature

all

Temporarily disable poll functionality in Nextcloud Talk settings.

🧯 If You Can't Patch

  • Implement strict access controls to limit chat permissions to essential users only.
  • Monitor audit logs for unusual poll deletion activities and implement alerting.

🔍 How to Verify

Check if Vulnerable:

Check Nextcloud Talk version in Nextcloud admin settings. If version is below 20.1.8 (for Nextcloud 20) or below 21.1.2 (for Nextcloud 21), the system is vulnerable.

Check Version:

Check via Nextcloud web interface: Admin → Apps → Installed apps → Nextcloud Talk

Verify Fix Applied:

Verify Nextcloud Talk version is 20.1.8 or higher (for Nextcloud 20) or 21.1.2 or higher (for Nextcloud 21) in admin settings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual poll deletion events in Nextcloud audit logs
  • Multiple poll deletions from same user in short timeframe

Network Indicators:

  • HTTP requests to the poll deletion endpoint referencing draft IDs that do not belong to the requesting user

SIEM Query:

source="nextcloud" AND event="poll_deleted" AND user_id!=owner_id
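As an added illustration (not code from this page or from Nextcloud), a small Python detector that applies the two log indicators above to constructed JSON-lines audit entries: it flags deletions where the acting user is not the draft owner, and actors who delete several polls in a short window. The field names (event, actor, owner, poll_id, ts) are assumed; map them to whatever your audit log actually emits.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an ASSUMED JSON-lines shape; the real Nextcloud
# audit log does not necessarily carry these field names.
SAMPLE_LOG = """\
{"ts": "2025-01-10T09:00:05Z", "event": "poll_deleted", "room": "abc123", "poll_id": 41, "actor": "alice", "owner": "alice"}
{"ts": "2025-01-10T09:01:10Z", "event": "poll_deleted", "room": "abc123", "poll_id": 42, "actor": "mallory", "owner": "bob"}
{"ts": "2025-01-10T09:01:12Z", "event": "poll_deleted", "room": "abc123", "poll_id": 43, "actor": "mallory", "owner": "carol"}
{"ts": "2025-01-10T09:01:15Z", "event": "poll_deleted", "room": "abc123", "poll_id": 44, "actor": "mallory", "owner": "dave"}
{"ts": "2025-01-10T09:30:00Z", "event": "poll_created", "room": "abc123", "poll_id": 45, "actor": "bob", "owner": "bob"}
"""

def parse_events(text):
    """Parse JSON-lines audit entries, keeping only poll deletions."""
    events = []
    for line in text.splitlines():
        rec = json.loads(line)
        if rec.get("event") != "poll_deleted":
            continue
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events

def non_owner_deletions(events):
    """Deletions where the acting user is not the draft's owner (the CVE's symptom)."""
    return [e for e in events if e["actor"] != e["owner"]]

def deletion_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Actors who deleted >= threshold polls within any sliding time window."""
    by_actor = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_actor[e["actor"]].append(e["ts"])
    flagged = {}
    for actor, times in by_actor.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # shrink window from the left
                start += 1
            if end - start + 1 >= threshold:
                flagged[actor] = end - start + 1
    return flagged

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for e in non_owner_deletions(evs):
        print(f"ALERT non-owner deletion: {e['actor']} deleted poll {e['poll_id']} owned by {e['owner']}")
    print("burst actors:", deletion_bursts(evs))
```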
