EUVD-2023-39916

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

NextCloud servers allow file storage but may have vulnerabilities that allow malicious modifications to VCards.

Reporter	Title	Published	Views	Family All 50
BDU FSTEC	The vulnerability of cloud-based software for creating and using NextCloud Server’s data storage system is related to lack of access control. This allows a malicious individual to modify or delete VCards from the system address book on the NextCloud server.	25 Jan 202400:00	–	bdu_fstec
CNNVD	Nextcloud 访问控制错误漏洞	23 Jun 202300:00	–	cnnvd
CVE	CVE-2023-35927	23 Jun 202320:53	–	cve
Cvelist	CVE-2023-35927 Nextcloud system addressbooks can be modified by malicious trusted server	23 Jun 202320:53	–	cvelist
Nextcloud	System addressbooks can be modified by malicious trusted server	22 Jun 202313:22	–	nextcloud
NVD	CVE-2023-35927	23 Jun 202321:15	–	nvd
OpenVAS	Nextcloud Server 25.x < 25.0.7, 26.x < 26.0.2 Multiple Vulnerabilities (GHSA-qphh-6xh7-vffg, GHSA-mjf5-p765-qmr6, GHSA-h7f7-535f-7q87, GHSA-637g-xp2c-qh5h)	23 Jun 202300:00	–	openvas
OSV	CVE-2023-35927 Nextcloud system addressbooks can be modified by malicious trusted server	23 Jun 202320:53	–	osv
Prion	Code injection	23 Jun 202321:15	–	prion
Positive Technologies	PT-2023-23726 · Nextcloud +1 · Nextcloud Server +1	31 Mar 202300:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "25071f57-61db-3c63-a4d8-46390d05f0e8",
        "vendor": {
          "name": "nextcloud"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0ef24bbc-2296-3ba8-92a8-fb82fdd7eb7c",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Enterprise Server  23.0.0, < 23.0.12.7"
      },
      {
        "id": "48d5e0b1-635c-3f15-a4de-b71be87f5efe",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Enterprise Server  24.0.0, < 24.0.12.2"
      },
      {
        "id": "79504a03-864d-3eeb-b8f8-6b0741790808",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Enterprise Server  22.0.0, < 22.2.10.12"
      },
      {
        "id": "7a4339a0-3f8d-3c16-8cf1-2f5cb1d61c8e",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Server  26.0.0, < 26.0.2"
      },
      {
        "id": "9018f811-3082-3c60-a4cc-839b96abb3b7",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Enterprise Server  25.0.0, < 25.0.7"
      },
      {
        "id": "ae313141-3430-3d69-bd03-7acbb77e0255",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Enterprise Server  26.0.0, < 26.0.2"
      },
      {
        "id": "c813ad4f-d539-334e-b476-c9da177088d4",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Enterprise Server  21.0.0, < 21.0.9.12"
      },
      {
        "id": "db92a357-6139-344e-bed4-56ccfa52a54d",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Server  25.0.0, < 25.0.7"
      }
    ]
  }
]

Source	Link
github	www.github.com/nextcloud/security-advisories/security/advisories/GHSA-h7f7-535f-7q87
github	www.github.com/nextcloud/server/pull/38247
hackerone	www.hackerone.com/reports/1976754

03 Oct 2025 20:07Current

7.8High risk

Vulners AI Score7.8

CVSS 3.17.6 - 8.1

EPSS0.00221

SSVC