CVE-2025-66557 – Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners

CVE ID : CVE-2025-66557

Published : Dec. 5, 2025, 6:15 p.m.

Description : Nextcloud Deck is a kanban-style organization tool for personal planning and team project organization, integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2.

Severity: 5.4 | MEDIUM
