Vulnerability Details CVE-2025-47794
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.1%
CVSS Severity
CVSS v3 Score 2.6
References
Products affected by CVE-2025-47794
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.0
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.10
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.11
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.12
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.13
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.13.10
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.13.3
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.13.4
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.13.9
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.2
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.3
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.4
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.6
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.8
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.9
-
cpe:2.3:a:nextcloud:nextcloud_server:27.0.0
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.0
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.10
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.11
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.11.10
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.11.8
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.11.9
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.2
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.3
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.4
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.5
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.6
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.7
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.8
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.9
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.0
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.1
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.10
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.11
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.12
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.13
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.14
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.2
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.3
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.4
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.5
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.6
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.7
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.8
-
cpe:2.3:a:nextcloud:nextcloud_server:28.0.9
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.0
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.1
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.10
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.11
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.12
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.2
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.3
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.4
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.5
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.6
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.7
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.8
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.9
-
cpe:2.3:a:nextcloud:nextcloud_server:30.0.0
-
cpe:2.3:a:nextcloud:nextcloud_server:30.0.1
-
cpe:2.3:a:nextcloud:nextcloud_server:30.0.2
-
cpe:2.3:a:nextcloud:nextcloud_server:30.0.3
-
cpe:2.3:a:nextcloud:nextcloud_server:30.0.4
-
cpe:2.3:a:nextcloud:nextcloud_server:30.0.5
-
cpe:2.3:a:nextcloud:nextcloud_server:30.0.6
-
cpe:2.3:a:nextcloud:nextcloud_server:31.0.0