What is the CVSS score of CVE-2025-66556?

CVE-2025-66556 has a CVSS 3.1 base score of 3.5 (Low). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Nextcloud are affected by CVE-2025-66556?

CVE-2025-66556 is a low-severity vulnerability in Nextcloud talk (CVSS 3.5). The limited severity suggests constrained impact, typically requiring specific conditions or local access for…. A patch is available.

How to fix or mitigate CVE-2025-66556?

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

Nextcloud CVE-2025-66556

EUVD-2025-201458 LOW

Authorization Bypass Through User-Controlled Key (CWE-639)

2025-12-05 security-advisories@github.com

Authentication Bypass Nextcloud

3.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201458

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

Patch released

Mar 15, 2026 - 17:08 nvd

Patch available

CVE Published

Dec 05, 2025 - 18:15 nvd

LOW 3.5

DescriptionNVD

Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is fixed in 20.1.8 and 21.1.2.

Analysis

Technical ContextAI

This vulnerability is classified as Authorization Bypass Through User-Controlled Key (CWE-639).

RemediationAI

A vendor patch is available. Apply it as soon as possible and verify the fix.

CVE-2025-66556 vulnerability details – vuln.today

Back