CVE-2025-66515 – Nextcloud Approval app allows users to request approval for other users file

CVE ID : CVE-2025-66515

Published : Dec. 5, 2025, 6:15 p.m. | 49 minutes ago

Description : The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by using the numeric file id. This vulnerability is fixed in 1.3.1 and 2.5.0.

Severity: 2.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…