{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "29.0.0"
              },
              {
                "fixed": "29.0.13"
              }
            ]
          },
          "events": [
            {
              "introduced": "36ae775aa7c9af22bf33645a2d8807206ec6c85f"
            },
            {
              "fixed": "dab944fd6a9c1cdc354d056275a438a2e9896455"
            }
          ],
          "repo": "https://github.com/nextcloud/server",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "30.0.0"
              },
              {
                "fixed": "30.0.7"
              }
            ]
          },
          "events": [
            {
              "introduced": "656488893e2175e19fbe273d76a5e16a598000c7"
            },
            {
              "fixed": "5dd6bf7d216ec1a0d53182cd999de41e9065c3d7"
            }
          ],
          "repo": "https://github.com/nextcloud/server",
          "type": "GIT"
        },
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "31.0.0"
              },
              {
                "fixed": "31.0.1"
              }
            ]
          },
          "events": [
            {
              "introduced": "051e46a7a272300cf7c90b3e330fd1501fd6a996"
            },
            {
              "fixed": "ca86133382c6efb7c0eb82e5b9806a84bad2b9dc"
            }
          ],
          "repo": "https://github.com/nextcloud/server",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-q568-2933-gcjq"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-284"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/47xxx/CVE-2025-47794.json"
  },
  "details": "Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files created by a Nextcloud instance running under a different user account, or carry out a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.",
  "id": "CVE-2025-47794",
  "modified": "2026-04-01T23:07:52.581085742Z",
  "published": "2025-05-16T14:35:25.280Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1960647"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/47xxx/CVE-2025-47794.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q568-2933-gcjq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47794"
    },
    {
      "type": "FIX",
      "url": "https://github.com/nextcloud/server/pull/51194"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission"
}