CVE-2025-59788

🗓️ 04 Dec 2025 00:00:00Reported by mitreType

XSS in Nextcloud PDF viewer via files_pdfviewer allows JavaScript in viewer.html.

Reporter	Title	Published	Views	Family All 11
Information Security Automation	June Linux Patch Wednesday	26 Jun 202617:00	–	avleonov
CNNVD	Nextcloud 安全漏洞	4 Dec 202500:00	–	cnnvd
CVE	CVE-2025-59788	4 Dec 202500:00	–	cve
EUVD	EUVD-2025-201255	4 Dec 202521:31	–	euvd
Nextcloud	Development files shipped in files_pdfviewer app	5 Dec 202507:50	–	nextcloud
NVD	CVE-2025-59788	4 Dec 202519:16	–	nvd
OpenVAS	Nextcloud Server Multiple Vulnerabilities (GHSA-24wp-p865-7j4r)	9 Dec 202500:00	–	openvas
Positive Technologies	PT-2025-49115	3 Sep 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-59788	11 Dec 202505:16	–	redhatcve
Redos	ROS-20260524-73-0054	24 May 202600:00	–	redos

[
  {
    "defaultStatus": "unaffected",
    "product": "Nextcloud",
    "vendor": "Nextcloud",
    "versions": [
      {
        "lessThan": "22.2.10.33",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "23.0.12.29",
        "status": "affected",
        "version": "23",
        "versionType": "custom"
      },
      {
        "lessThan": "24.0.12.28",
        "status": "affected",
        "version": "24",
        "versionType": "custom"
      },
      {
        "lessThan": "25.0.13.23",
        "status": "affected",
        "version": "25",
        "versionType": "custom"
      },
      {
        "lessThan": "26.0.13.20",
        "status": "affected",
        "version": "26",
        "versionType": "custom"
      },
      {
        "lessThan": "27.1.11.20",
        "status": "affected",
        "version": "27",
        "versionType": "custom"
      },
      {
        "lessThan": "28.0.14.11",
        "status": "affected",
        "version": "28",
        "versionType": "custom"
      },
      {
        "lessThan": "29.0.16.8",
        "status": "affected",
        "version": "29",
        "versionType": "custom"
      },
      {
        "lessThan": "30.0.17",
        "status": "affected",
        "version": "30",
        "versionType": "custom"
      },
      {
        "lessThan": "31.0.10",
        "status": "affected",
        "version": "31",
        "versionType": "custom"
      },
      {
        "lessThan": "32.0.1",
        "status": "affected",
        "version": "32",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
redteam-pentesting	www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/
nextcloud	www.nextcloud.com/
github	www.github.com/nextcloud/security-advisories/security/advisories/GHSA-24wp-p865-7j4r

04 Dec 2025 19:02Current

CVSS 3.16.4

EPSS0.00246

CWE-749