CVE-2025-59788

Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.1 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24wp-p865-7j4r	Mitigation Vendor Advisory
https://nextcloud.com	Product
https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*

Configuration 2 (hide)

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*

History

No history.

Information

Published : 2025-12-04 19:16

Updated : 2026-03-25 21:35

NVD link : CVE-2025-59788

Mitre link : CVE-2025-59788

CVE.ORG link : CVE-2025-59788

JSON object : View

Products Affected

nextcloud

nextcloud_server

CWE

CWE-749

Exposed Dangerous Method or Function

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-59788", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2025-12-04T19:16:04.380", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24wp-p865-7j4r", "tags": ["Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://nextcloud.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-003/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-749"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis."}], "lastModified": "2026-03-25T21:35:25.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "8A3D94EC-A877-458D-9A33-5451FE97A785", "versionEndExcluding": "30.0.17", "versionStartIncluding": "30.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "2059C891-F256-482A-99BF-D912A1657419", "versionEndExcluding": "31.0.10", "versionStartIncluding": "31.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "A75D466C-B154-480A-9D4F-8E9454147156", "versionEndExcluding": "32.0.1", "versionStartIncluding": "32.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "4440D2E7-2FCB-4CC2-A57F-708AAB0CD22B", "versionEndExcluding": "22.2.10.33", "versionStartIncluding": "22.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "51922DA7-3112-422A-9F66-9CAA54E89D8F", "versionEndExcluding": "23.0.12.29", "versionStartIncluding": "23.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "6AC7C575-7348-45A1-9023-A6606541987B", "versionEndExcluding": "24.0.12.28", "versionStartIncluding": "24.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "000C64D7-C76D-4E69-9705-18132C615456", "versionEndExcluding": "25.0.13.23", "versionStartIncluding": "25.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "D9491A91-2A7C-4C84-89E9-219422D91350", "versionEndExcluding": "26.0.13.20", "versionStartIncluding": "26.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CFD3A15F-58D7-4C3D-A49F-065F28ED6361", "versionEndExcluding": "27.1.11.20", "versionStartIncluding": "27.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B55EF258-E98A-43A9-B73C-AE62D448421D", "versionEndExcluding": "28.0.14.11", "versionStartIncluding": "28.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "7710228F-2984-4F9A-8360-0054E7E78687", "versionEndExcluding": "29.0.16.8", "versionStartIncluding": "29.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "AE19F75F-6A78-4770-B7C6-338570FA7184", "versionEndExcluding": "30.0.17", "versionStartIncluding": "30.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "64C21E45-22B8-49B2-B630-30448D89A4E9", "versionEndExcluding": "31.0.10", "versionStartIncluding": "31.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CFA5AD5D-1145-44D6-ABE3-64837C74975F", "versionEndExcluding": "32.0.1", "versionStartIncluding": "32.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}