What is CVE-2023-25159?

CVE-2023-25159 is a vulnerability in Nextcloud Server and Nextcloud Office that allows remote attackers to execute arbitrary commands and gain unauthorized access to the server.

How severe is the vulnerability CVE-2023-25159?

The severity of CVE-2023-25159 is medium, with a severity value of 5.3.

Which versions of Nextcloud Server and Nextcloud Office are affected by CVE-2023-25159?

Nextcloud Server versions 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, as well as Nextcloud Enterprise Server versions 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1 are affected by CVE-2023-25159.

What is the impact of CVE-2023-25159?

The impact of CVE-2023-25159 is that remote attackers can execute arbitrary commands and gain unauthorized access to the Nextcloud Server or Nextcloud Office.

How can I fix the vulnerability CVE-2023-25159?

To fix the vulnerability CVE-2023-25159, upgrade Nextcloud Server and Nextcloud Office to version 24.0.8 or 25.0.1, or apply the patches provided by Nextcloud.

Vulnerability/
CVE-2023-25159

medium

5.3

CWE

284

13/2/2023

2/8/2024

CVE-2023-25159: Nextcloud Server previews are accessible without a watermark

First published: Mon Feb 13 2023(Updated: )

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Nextcloud Nextcloud Server	>=24.0.4<=24.0.8
Nextcloud Nextcloud Server	=24.0.2
Nextcloud Nextcloud Server	=25.0.0
Nextcloud Richdocuments	>=6.0.0<6.3.1
Nextcloud Richdocuments	=7.0.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-25159?
CVE-2023-25159 is a vulnerability in Nextcloud Server and Nextcloud Office that allows remote attackers to execute arbitrary commands and gain unauthorized access to the server.
How severe is the vulnerability CVE-2023-25159?
The severity of CVE-2023-25159 is medium, with a severity value of 5.3.
Which versions of Nextcloud Server and Nextcloud Office are affected by CVE-2023-25159?
Nextcloud Server versions 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, as well as Nextcloud Enterprise Server versions 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1 are affected by CVE-2023-25159.
What is the impact of CVE-2023-25159?
The impact of CVE-2023-25159 is that remote attackers can execute arbitrary commands and gain unauthorized access to the Nextcloud Server or Nextcloud Office.
How can I fix the vulnerability CVE-2023-25159?
To fix the vulnerability CVE-2023-25159, upgrade Nextcloud Server and Nextcloud Office to version 24.0.8 or 25.0.1, or apply the patches provided by Nextcloud.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/title
agent/tags
agent/event
agent/description
agent/first-publish-date
vendor/nextcloud
canonical/nextcloud nextcloud server
version/nextcloud nextcloud server/24.0.4
version/nextcloud nextcloud server/24.0.8
version/nextcloud nextcloud server/24.0.2
version/nextcloud nextcloud server/25.0.0
canonical/nextcloud richdocuments
version/nextcloud richdocuments/6.0.0
version/nextcloud richdocuments/7.0.0