CVE-2025-66552

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the adminaudit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed ...

CVE-2025-66547

Nextcloud Server (and Enterprise Server) prior to 31.0.1 contains a vulnerability where non-privileged users can modify tags on files they should not access via bulk tagging. Affected product: Nextcloud Server/Enterprise Server; vulnerable component: file tagging mechanism. Root cause details are...

admin_audit does not log all actions on files in groupfolders

None...

PT-2025-49269

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 30.0.9 Nextcloud Server versions prior to 31.0.1 Description An issue exists in Nextcloud Server and Enterprise Server related to incorrect path handling with groupfolders. This resulted in the admin audit ap...

Nextcloud Server 安全漏洞

Nextcloud Server is a Nextcloud server program from Nextcloud Open Source. A security vulnerability exists in versions of Nextcloud Server prior to 31.0.1, which stems from a non-privileged user being able to modify file labels via bulk tagging, potentially resulting in elevated privileges...

PT-2025-49268

Name of the Vulnerable Software and Affected Versions Nextcloud Server and Enterprise Server versions prior to 31.0.1 Description Non-privileged users can modify tags on files they should not have access to through bulk tagging. This affects a self-hosted personal cloud system. Recommendations...