{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T06:20:03.619","vulnerabilities":[{"cve":{"id":"CVE-2025-66557","sourceIdentifier":"security-advisories@github.com","published":"2025-12-05T18:15:58.977","lastModified":"2025-12-09T16:46:17.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with \"Can share\" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*","versionStartIncluding":"1.14.0","versionEndExcluding":"1.14.6","matchCriteriaId":"29F12EA5-770A-4C40-A049-CA2EA77CE016"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:deck:*:*:*:*:*:*:*:*","versionStartIncluding":"1.15.0","versionEndExcluding":"1.15.2","matchCriteriaId":"32A3D86C-1990-4E96-8027-AF235997BE7D"}]}]}],"references":[{"url":"https://github.com/nextcloud/deck/commit/f1da8b30a455f02373d44154da04494c949a95ae","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nextcloud/deck/pull/7131","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wwr8-hx9g-rjvv","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://hackerone.com/reports/3247499","source":"security-advisories@github.com","tags":["Issue Tracking","Vendor Advisory"]}]}}]}