Security Advisory

CVE-2025-66550

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-05 16:56:44

Last updated 2025-12-05 18:41:24

Assigner GitHub_M

State PUBLISHED

Description

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.17 and 5.2.4, when a malicious user creates a calendar event with a crafted attachment that links to a download link of a file on the same Nextcloud server, the file would be downloaded without the user confirming the action. This vulnerability is fixed in 4.7.17 and 5.2.4.

← Browse all CVEs View on cve.org ↗