Description

Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user can access previews of arbitrary files belonging to other users by manipulating the fileId parameter. This allows unauthorized disclosure of sensitive data, such as text files or images, without prior sharing permissions.

Related CPE's

a

nextcloud

nextcloud_server

30.0.0

-

Vulnerable

References

https://drive.google.com/file/d/1eD3PN-u1caZYgGH96XHmJ7h_OBXEAHW4/view?usp=sharing

Exploit

https://gist.github.com/tarekramm/586dfe2d113fedfee6d71182570fc090

ExploitThird Party Advisory

https://nextcloud.com

Product

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-639

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-12T17:15:45.210

1 week ago

Last modified

2025-12-19T15:47:19.010

3 hours ago