Home

Description

Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leaked to the user. It is recommended that the Nextcloud Tables app is upgraded to 0.7.6, 0.8.8 or 0.9.5.

PUBLISHED Reserved 2025-08-22 | Published 2025-10-16 | Updated 2025-10-16 | Assigner GitHub_M




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-841: Improper Enforcement of Behavioral Workflow

Product status

>= 0.7.0, < 0.7.6
affected

>= 0.8.0, < 0.8.8
affected

>= 0.9.0, < 0.9.5
affected

References

github.com/...sories/security/advisories/GHSA-wpp5-4w35-pxq6

github.com/nextcloud/tables/pull/1936

hackerone.com/reports/3249624

cve.org (CVE-2025-58051)

nvd.nist.gov (CVE-2025-58051)

Download JSON