Security Advisory

CVE-2025-66515

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-05 17:37:06

Last updated 2025-12-05 18:10:00

Assigner GitHub_M

State PUBLISHED

Description

The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.

← Browse all CVEs View on cve.org ↗