Skip to main content

Deck CVE-2025-66557

| EUVDEUVD-2025-201465 MEDIUM
Improper Access Control (CWE-284)
2025-12-05 security-advisories@github.com
5.4
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

4
EUVD ID Assigned
Mar 15, 2026 - 17:08 euvd
EUVD-2025-201465
Analysis Generated
Mar 15, 2026 - 17:08 vuln.today
Patch released
Mar 15, 2026 - 17:08 nvd
Patch available
CVE Published
Dec 05, 2025 - 18:15 nvd
MEDIUM 5.4

DescriptionGitHub Advisory

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2.

Analysis

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2.

Technical ContextAI

This vulnerability is classified as Improper Access Control (CWE-284).

RemediationAI

A vendor patch is available. Apply it as soon as possible and verify the fix.

More in Deck

View all
CVE-2020-8182 HIGH POC
8.0 Oct 05

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permiss

CVE-2024-22213 MEDIUM POC
5.4 Jan 18

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with N

CVE-2022-29159 MEDIUM POC
4.3 May 20

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. Rated medium severity (CVSS 4.3), thi

CVE-2022-24906 MEDIUM POC
4.3 May 20

Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. Rated medium sever

CVE-2020-8235 MEDIUM POC
4.3 Oct 05

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view a

CVE-2021-39225 HIGH
8.1 Oct 25

Nextcloud is an open-source, self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is re

CVE-2023-22469 LOW POC
3.5 Jan 10

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with N

CVE-2023-22470 MEDIUM
6.5 Jan 14

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integra

CVE-2021-37631 MEDIUM
6.5 Sep 07

Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams inte

CVE-2021-22913 MEDIUM
6.5 Jun 11

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utiliz

CVE-2024-37883 MEDIUM
4.3 Jun 14

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integra

CVE-2023-22471 MEDIUM
4.3 Jan 14

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with N

Share

CVE-2025-66557 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy