25.0.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

nextcloud

NVD

Published: 2023-03-30

Updated: 2023-11-07

Summary

Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Nextcloud Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Server 25.0.2	2

References

https://github.com/nextcloud/server/pull/36016
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9wmj-gp8v-477j