File Disclosure & Symlink Attack via Temp Files in Nextcloud 29-31: CVE-2025-47794 May 2025

Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.

Vulnerability Analysis

CVE-2025-47794 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2025-47794 has been classified to as an Authorization vulnerability or weakness.

Products Associated with CVE-2025-47794

Want to know whenever a new CVE is published for Nextcloud? stack.watch will email you.

Affected Versions

Exploit Probability

EPSS

0.03%

Percentile

7.60%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.