CVE-2023-25159
First published: Mon Feb 13 2023(Updated: )
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud Server | >=24.0.4<=24.0.8 | |
| Nextcloud Nextcloud Server | =24.0.2 | |
| Nextcloud Nextcloud Server | =25.0.0 | |
| Nextcloud Richdocuments | >=6.0.0<6.3.1 | |
| Nextcloud Richdocuments | =7.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-25159?
CVE-2023-25159 is a vulnerability in Nextcloud Server and Nextcloud Office that allows remote attackers to execute arbitrary commands and gain unauthorized access to the server.
How severe is the vulnerability CVE-2023-25159?
The severity of CVE-2023-25159 is medium, with a severity value of 5.3.
Which versions of Nextcloud Server and Nextcloud Office are affected by CVE-2023-25159?
Nextcloud Server versions 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, as well as Nextcloud Enterprise Server versions 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1 are affected by CVE-2023-25159.
What is the impact of CVE-2023-25159?
The impact of CVE-2023-25159 is that remote attackers can execute arbitrary commands and gain unauthorized access to the Nextcloud Server or Nextcloud Office.
How can I fix the vulnerability CVE-2023-25159?
To fix the vulnerability CVE-2023-25159, upgrade Nextcloud Server and Nextcloud Office to version 24.0.8 or 25.0.1, or apply the patches provided by Nextcloud.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/tags
- agent/description
- agent/event
- vendor/nextcloud
- canonical/nextcloud nextcloud server
- version/nextcloud nextcloud server/24.0.4
- version/nextcloud nextcloud server/24.0.8
- version/nextcloud nextcloud server/24.0.2
- version/nextcloud nextcloud server/25.0.0
- canonical/nextcloud richdocuments
- version/nextcloud richdocuments/6.0.0
- version/nextcloud richdocuments/7.0.0