Vulnerability DatabaseCVE-2025-47792

CVE-2025-47792:
Linux Debian vulnerability analysis and mitigation

Overview

Nextcloud Desktop, the desktop sync client for Nextcloud, was found to contain a security vulnerability (CVE-2025-47792) affecting versions prior to 3.15. The vulnerability was disclosed on May 16, 2025, and allows third-party applications already installed on a user's machine to create link shares for almost all data through the socket API (NVD, Security Advisory).

Technical details

The vulnerability is classified with a CVSS v3.1 Base Score of 5.0 (Medium) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N. The technical assessment indicates local attack vector, high attack complexity, low privileges required, and user interaction required. The vulnerability is categorized under CWE-284 (Improper Access Control) (Security Advisory).

Impact

The vulnerability allows third-party applications with local access to create link shares for nearly all data accessible through the socket API. These shares can subsequently be transmitted to external services, potentially leading to unauthorized data exposure (Security Advisory).

Mitigation and workarounds

The vulnerability has been fixed in Nextcloud Desktop version 3.15. Users are strongly recommended to upgrade to this version as no alternative workarounds are available (NVD, Security Advisory).