CVE-2023-25159— Nextcloud Server previews are accessible without a watermark

CVSS 2.3 · Low EPSS 0.20% · P42 Updated Mar 11, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-25159

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Nextcloud Server previews are accessible without a watermark

Source: NVD (National Vulnerability Database)

Vulnerability Description

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark should get applied. This issue is fixed in Nextcloud Server 25.0.1 and 24.0.8, Nextcloud Enterprise Server 25.0.1 and 24.0.8, and Nextcloud Office (Richdocuments) App 7.0.1 (for 25) and 6.3.1 (for 24). No known workarounds are available.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

访问控制不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Nextcloud 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud Server存在安全漏洞，该漏洞源于可以在没有水印的情况下预览。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
nextcloud	security-advisories	>= 24.0.4, < 24.0.8	-

II. Public POCs for CVE-2023-25159

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-25159

请登录查看更多情报信息。

https://hackerone.com/reports/1745755x_refsource_MISC
https://github.com/nextcloud/server/pull/34799x_refsource_MISC
https://github.com/nextcloud/richdocuments/pull/2579x_refsource_MISC
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92g2-h5jv-jjmgx_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2023-25159

Same Patch Batch · nextcloud · 2023-02-13 · 4 CVEs total

CVE-2023-25162	5.3 MEDIUM	Nextcloud Server vulnerable to SSRF via filter bypass due to lax checking on IPs
CVE-2023-25160	4.1 MEDIUM	IDOR Vulnerability in Nextcloud Mail
CVE-2023-25161	3.7 LOW	Nextcloud Server's missing rate limiting on password reset functionality allows sending lo

IV. Related Vulnerabilities

Same product: security-advisories

Same vendor: nextcloud

Same weakness: CWE-284

V. Comments for CVE-2023-25159

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-25159— Nextcloud Server previews are accessible without a watermark

I. Basic Information for CVE-2023-25159

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-25159

III. Intelligence Information for CVE-2023-25159

Same Patch Batch · nextcloud · 2023-02-13 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-25159

Leave a comment