Online

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-66208 CRITICAL PATCH Act Now

Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php and an intermediate reverse proxy. This vulnerability is fixed in 25.04.702.

PHP Command Injection Online Nextcloud

NVD GitHub

CVSS 3.1

9.8

EPSS

0.5%

CVE-2025-66208

EPSS 1% CVSS 9.8

CRITICAL PATCH Act Now

Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php and an intermediate reverse proxy. This vulnerability is fixed in 25.04.702.

PHP Command Injection Online +1

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy