What is CVE-2023-25162?

CVE-2023-25162 is a vulnerability in Nextcloud Server that allows server-side request forgery (SSRF) attacks.

How does CVE-2023-25162 affect Nextcloud Server?

CVE-2023-25162 affects Nextcloud Server versions prior to 24.0.8 and 23.0.12, as well as Nextcloud Enterprise server versions prior to 24.0.8 and 23.0.12.

What is the severity of CVE-2023-25162?

CVE-2023-25162 has a severity value of 5.3, which is considered medium severity.

How can attackers exploit CVE-2023-25162?

Attackers can exploit CVE-2023-25162 by leveraging server-side request forgery (SSRF) to perform unauthorized actions.

How do I fix CVE-2023-25162?

To fix CVE-2023-25162, users should update their Nextcloud Server installations to version 24.0.8 or 23.0.12, or upgrade to Nextcloud Enterprise Server 24.0.8 or 23.0.12.

Vulnerability/
CVE-2023-25162

medium

5.3

CWE

918

13/2/2023

2/8/2024

CVE-2023-25162: Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs

First published: Mon Feb 13 2023(Updated: )

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to 24.0.8 and 23.0.12 and Nextcloud Enterprise server prior to 24.0.8 and 23.0.12 are vulnerable to server-side request forgery (SSRF). Attackers can leverage enclosed alphanumeric payloads to bypass IP filters and gain SSRF, which would allow an attacker to read crucial metadata if the server is hosted on the AWS platform. Nextcloud Server 24.0.8 and 23.0.2 and Nextcloud Enterprise Server 24.0.8 and 23.0.12 contain a patch for this issue. No known workarounds are available.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Nextcloud Nextcloud Server	<23.0.12
Nextcloud Nextcloud Server	>=24.0.0<24.0.8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-25162?
CVE-2023-25162 is a vulnerability in Nextcloud Server that allows server-side request forgery (SSRF) attacks.
How does CVE-2023-25162 affect Nextcloud Server?
CVE-2023-25162 affects Nextcloud Server versions prior to 24.0.8 and 23.0.12, as well as Nextcloud Enterprise server versions prior to 24.0.8 and 23.0.12.
What is the severity of CVE-2023-25162?
CVE-2023-25162 has a severity value of 5.3, which is considered medium severity.
How can attackers exploit CVE-2023-25162?
Attackers can exploit CVE-2023-25162 by leveraging server-side request forgery (SSRF) to perform unauthorized actions.
How do I fix CVE-2023-25162?
To fix CVE-2023-25162, users should update their Nextcloud Server installations to version 24.0.8 or 23.0.12, or upgrade to Nextcloud Enterprise Server 24.0.8 or 23.0.12.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/references
agent/title
agent/tags
agent/event
agent/description
agent/first-publish-date
vendor/nextcloud
canonical/nextcloud nextcloud server
version/nextcloud nextcloud server/24.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.