Low Published: Dec 05, 2025

CVE-2025-66556

3.5 CVSS SCORE

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Description

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

CVSS Vector Details

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Unchanged

Confidentiality None

Integrity Low

Availability None

Weaknesses (CWE)

CWE-639

References & External Links

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pr9f-vqgg-m2jh
https://github.com/nextcloud/spreed/commit/bd68e80d1dea98d84c1d621c2c681238cf041725
https://github.com/nextcloud/spreed/pull/15532
https://hackerone.com/reports/3247386

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker