CVE-2025-47794

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-47794

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-47794.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-47794

Aliases

GHSA-q568-2933-gcjq

Published

2025-05-16T14:35:25.280Z

Modified

2025-12-02T20:07:21.253124Z

Severity

2.6 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission

Details

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-284"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/47xxx/CVE-2025-47794.json"
}

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

36ae775aa7c9af22bf33645a2d8807206ec6c85f

Fixed

dab944fd6a9c1cdc354d056275a438a2e9896455

Database specific

{
    "versions": [
        {
            "introduced": "29.0.0"
        },
        {
            "fixed": "29.0.13"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

656488893e2175e19fbe273d76a5e16a598000c7

Fixed

5dd6bf7d216ec1a0d53182cd999de41e9065c3d7

Database specific

{
    "versions": [
        {
            "introduced": "30.0.0"
        },
        {
            "fixed": "30.0.7"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

051e46a7a272300cf7c90b3e330fd1501fd6a996

Fixed

ca86133382c6efb7c0eb82e5b9806a84bad2b9dc

Database specific

{
    "versions": [
        {
            "introduced": "31.0.0"
        },
        {
            "fixed": "31.0.1"
        }
    ]
}

Affected versions

v29.*

v29.0.0

v29.0.1

v29.0.10

v29.0.10rc1

v29.0.11

v29.0.11rc1

v29.0.12

v29.0.12rc1

v29.0.12rc2

v29.0.13rc1

v29.0.13rc2

v29.0.1rc1

v29.0.2

v29.0.2rc1

v29.0.2rc2

v29.0.3

v29.0.3rc1

v29.0.3rc2

v29.0.3rc3

v29.0.3rc4

v29.0.4

v29.0.4rc1

v29.0.5

v29.0.5rc1

v29.0.6

v29.0.6rc1

v29.0.7

v29.0.7rc1

v29.0.8

v29.0.8rc1

v29.0.9

v29.0.9rc1

v29.0.9rc2

v30.*

v30.0.0

v30.0.1

v30.0.1rc1

v30.0.1rc2

v30.0.2

v30.0.2rc1

v30.0.2rc2

v30.0.3

v30.0.3rc1

v30.0.3rc2

v30.0.4

v30.0.4rc1

v30.0.5

v30.0.5rc1

v30.0.6

v30.0.6rc1

v30.0.6rc2

v30.0.7rc1

v30.0.7rc2

v31.*

v31.0.0

v31.0.1rc1

v31.0.1rc2