
CVE-2025-66512: CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in nextcloud security-advisories

Severity: Medium
Tags: vulnerability, cve-2025-66512, cwe-80
Published: Fri Dec 05 2025 (12/05/2025, 16:22:50 UTC)
Source: CVE Database V5
Vendor/Project: nextcloud
Product: security-advisories

Description

Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user into viewing an uploaded SVG outside of the Nextcloud Server's web page.

AI-Powered Analysis

Last updated: 12/12/2025, 17:36:54 UTC

Technical Analysis

CVE-2025-66512 is a cross-site scripting (XSS) vulnerability classified under CWE-80, discovered in Nextcloud Server and Server Enterprise editions prior to versions 31.0.12 and 32.0.3. The vulnerability stems from improper neutralization of script-related HTML tags within uploaded SVG files. Specifically, when a malicious user uploads a crafted SVG file and tricks another user into viewing this SVG outside the standard Nextcloud web page context, the content security policy (CSP) can be circumvented. This allows the execution of arbitrary scripts in the context of the victim's browser session. The vulnerability does not require any authentication or privileges to exploit, but it does require user interaction: the victim must be convinced to open the malicious SVG file. The CVSS v3.1 base score is 5.4 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality impact, limited integrity impact, and limited availability impact. The vulnerability could be leveraged to perform actions such as session hijacking, defacement, or denial of service through script execution. No public exploits have been reported yet, but the presence of this vulnerability in widely used self-hosted cloud software makes it a notable risk. The advisory provides no patch links, so users should upgrade to the fixed versions 31.0.12 or 32.0.3 as soon as possible to remediate the issue.

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily to the confidentiality and integrity of user sessions and data accessed through Nextcloud. Since Nextcloud is widely adopted by enterprises, public institutions, and private users across Europe for self-hosted cloud storage and collaboration, exploitation could lead to unauthorized script execution, session hijacking, or denial of service conditions. This could disrupt business operations, compromise sensitive information, or facilitate further attacks within the network. Organizations relying on Nextcloud for critical document sharing or collaboration may experience operational impact if attackers exploit this vulnerability. The requirement for user interaction reduces the likelihood of automated widespread exploitation, but targeted phishing or social engineering campaigns could be effective. The absence of known exploits in the wild currently lowers immediate risk, but the medium CVSS score and the nature of the vulnerability warrant prompt remediation to prevent future attacks.

Mitigation Recommendations

1. Upgrade Nextcloud Server and Server Enterprise installations to versions 31.0.12 or 32.0.3 or later, where the vulnerability is patched.
2. Implement strict content security policies that restrict the execution of scripts from uploaded SVG files, or disable SVG rendering if not required.
3. Configure Nextcloud to sanitize or block SVG uploads if possible, or convert SVG files to safer formats before rendering.
4. Educate users about the risks of opening SVG files from untrusted sources, especially outside the Nextcloud web interface.
5. Monitor logs for unusual access patterns or attempts to access SVG files directly.
6. Employ web application firewalls (WAFs) with rules to detect and block malicious SVG payloads.
7. Regularly audit and update all self-hosted cloud software components to minimize exposure to known vulnerabilities.

These steps go beyond generic advice by focusing on SVG-specific handling and user awareness tailored to this vulnerability.
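The following is an added example, not code from Nextcloud or from this advisory, of the SVG-specific check that mitigation step 3 and the technical analysis above call for: it parses an uploaded SVG, reports every script-bearing construct CWE-80 covers (script elements, on* event handlers, javascript:/data: URLs) and returns a copy with them stripped. The sample SVG and the element and attribute lists are constructed for illustration; a deployment would run `audit_svg` as a pre-upload hook or a scheduled scan over stored files.

```python
# Added example (not Nextcloud's or the advisory's code): audit an uploaded SVG
# for script-bearing constructs and emit a stripped copy. Sample input is constructed.
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
# Elements that carry or load executable content inside an SVG document.
RISKY_TAGS = {"script", "foreignObject", "iframe", "embed", "object", "handler"}
# Attributes whose value is a URL the browser may navigate to or fetch.
URL_ATTRS = {"href", f"{{{XLINK_NS}}}href"}
JS_URL = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.I)

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the {namespace} prefix ElementTree adds

def audit_svg(svg_text):
    """Return (findings, sanitized_svg): findings lists each scripting
    construct found; sanitized_svg is the document with them removed."""
    findings = []
    root = ET.fromstring(svg_text)
    # Pass 1: drop risky elements (snapshot lists, since we mutate the tree).
    for parent in list(root.iter()):
        for child in list(parent):
            if _local(child.tag) in RISKY_TAGS:
                findings.append(f"element <{_local(child.tag)}>")
                parent.remove(child)
    # Pass 2: drop event-handler attributes and script-scheme URLs.
    for el in root.iter():
        for attr in list(el.attrib):
            name = _local(attr)
            if name.lower().startswith("on"):  # onload, onclick, onerror, ...
                findings.append(f"event handler {name} on <{_local(el.tag)}>")
                del el.attrib[attr]
            elif attr in URL_ATTRS and JS_URL.match(el.attrib[attr]):
                findings.append(f"{name} URL scheme on <{_local(el.tag)}>")
                del el.attrib[attr]
    ET.register_namespace("", SVG_NS)
    ET.register_namespace("xlink", XLINK_NS)
    return findings, ET.tostring(root, encoding="unicode")

# Constructed sample: one benign shape plus three script carriers.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"
  xmlns:xlink="http://www.w3.org/1999/xlink" width="10" height="10">
  <script>alert(1)</script><a xlink:href="javascript:alert(1)"><circle r="5"/></a>
  <rect width="10" height="10"/></svg>"""

if __name__ == "__main__":
    print(*audit_svg(SAMPLE_SVG), sep="\n")
```

Stripping is a fallback for files that must be kept; a stricter policy, as step 3 also suggests, is to reject any SVG for which `findings` is non-empty.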


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-12-03T15:28:02.992Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 693308e8f88dbe026cf7915a

Added to database: 12/5/2025, 4:31:36 PM

Last enriched: 12/12/2025, 5:36:54 PM

Last updated: 1/20/2026, 8:56:35 AM

Views: 214

