
CVE-2025-47794: CWE-284: Improper Access Control in nextcloud security-advisories

Severity: Low
Tags: vulnerability, CVE-2025-47794, CWE-284
Published: Fri May 16 2025 (05/16/2025, 14:35:25 UTC)
Source: CVE
Vendor/Project: nextcloud
Product: security-advisories

Description

Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.

AI-Powered Analysis

Last updated: 07/11/2025, 23:48:37 UTC

Technical Analysis

CVE-2025-47794 is a vulnerability classified under CWE-284 (Improper Access Control) affecting Nextcloud Server and Nextcloud Enterprise Server versions prior to 29.0.13, 30.0.7, and 31.0.1 for the community edition, and prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 for the enterprise edition. Nextcloud is a widely used self-hosted cloud storage and collaboration platform, often deployed in multi-user environments. The vulnerability allows an attacker who has access to a multi-user Nextcloud system to read temporary files belonging to other users or to perform a symlink attack. This occurs because of improper access control on temporary files created by Nextcloud processes running under different user accounts. The flaw could enable unauthorized disclosure of sensitive data stored temporarily during file operations or manipulation of file system links to escalate privileges or interfere with other users' data. The vulnerability requires the attacker to have some level of access to the multi-user system (local or possibly through compromised credentials) and involves user interaction, making exploitation more complex. The CVSS 3.1 score is 2.6 (low severity), reflecting the limited impact on confidentiality, integrity, and availability, the requirement for low privileges, high attack complexity, and user interaction. No known exploits are reported in the wild, and no workarounds exist. The issue is fixed in the specified patched versions of Nextcloud Server and Enterprise Server.

Potential Impact

For European organizations using Nextcloud as a self-hosted cloud solution, this vulnerability poses a risk primarily in multi-user environments such as universities, enterprises, and government agencies where multiple users share the same Nextcloud instance. The improper access control could lead to unauthorized disclosure of temporary files, potentially exposing sensitive or confidential information during file upload, synchronization, or processing. While the impact on confidentiality and integrity is limited and exploitation complexity is high, organizations handling sensitive data (e.g., personal data under GDPR, intellectual property, or internal communications) could face compliance and reputational risks if data leakage occurs. The vulnerability does not directly affect availability, but successful symlink attacks could be leveraged as part of a broader attack chain. Given the widespread adoption of Nextcloud in Europe, especially in privacy-conscious sectors preferring self-hosted solutions, the threat is relevant but not critical. The absence of known exploits reduces immediate risk, but delayed patching could increase exposure over time.

Mitigation Recommendations

European organizations should prioritize updating Nextcloud Server and Enterprise Server to the fixed versions (29.0.13, 30.0.7, 31.0.1 for community editions and 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, 31.0.1 for enterprise editions) as soon as possible. Since no workarounds exist, patching is the primary mitigation. Additionally, organizations should review and harden file system permissions on the server hosting Nextcloud to ensure strict separation of user data and temporary files, minimizing the risk of cross-user access. Implementing strict user account management and monitoring for unusual file system activity or symlink creation attempts can help detect exploitation attempts. Limiting Nextcloud access to trusted users and networks, enforcing strong authentication mechanisms, and isolating multi-user environments (e.g., containerization or virtualization) can further reduce risk. Regular security audits and penetration testing focusing on file access controls in Nextcloud deployments are recommended to identify residual weaknesses.
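As an added defender-side check (not Nextcloud project code), the script below audits a temp directory for the two conditions the advisory names: entries readable or writable by other local accounts, and symlinks planted inside the directory. The directory to audit is an assumption (point it at the deployment's configured temp directory); the fixture it builds is constructed sample data.

```python
import os
import stat
import tempfile


def audit_temp_dir(path, owner_uid=None):
    """Walk a temp directory and return sorted (relative_path, problem) findings.

    Two conditions from the advisory are checked: entries readable or writable
    by other local accounts, and symlinks planted inside the directory.
    owner_uid, when given, also flags entries not owned by the service account.
    """
    findings = []
    if os.lstat(path).st_mode & 0o077:
        findings.append((".", "dir-accessible-by-others"))
    for root, dirs, files in os.walk(path):  # followlinks=False by default
        for name in dirs + files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, path)
            info = os.lstat(full)  # lstat: inspect the entry, never follow it
            if stat.S_ISLNK(info.st_mode):
                findings.append((rel, "symlink"))
                continue
            if info.st_mode & 0o044:
                findings.append((rel, "readable-by-others"))
            if info.st_mode & 0o022:
                findings.append((rel, "writable-by-others"))
            if owner_uid is not None and info.st_uid != owner_uid:
                findings.append((rel, "owned-by-other-uid"))
    return sorted(findings)


def build_fixture():
    """Constructed sample tree (not real Nextcloud data): one private file,
    one file readable by everyone, and one dangling symlink."""
    base = tempfile.mkdtemp(prefix="nc-tmp-audit-")  # created with mode 0700
    for name, mode in (("oc_tmp_private", 0o600), ("oc_tmp_leaky", 0o644)):
        full = os.path.join(base, name)
        with open(full, "w") as fh:
            fh.write("sample\n")
        os.chmod(full, mode)
    os.symlink("../outside-of-tmp", os.path.join(base, "oc_tmp_link"))
    return base


def run_self_check():
    """Audit the constructed fixture as the current user; returns the findings."""
    return audit_temp_dir(build_fixture(), os.getuid())
```

Run `audit_temp_dir` against the real temp directory with the web server's uid; any "symlink" or "readable-by-others" finding on an unpatched server is the exposure described above.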


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-05-09T19:49:35.623Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0f91484d88663aebe43

Added to database: 5/20/2025, 6:59:05 PM

Last enriched: 7/11/2025, 11:48:37 PM

Last updated: 8/17/2025, 6:05:05 PM
