CVE-2025-66553: CWE-639: Authorization Bypass Through User-Controlled Key in nextcloud security-advisories
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view metadata of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerability is fixed in 0.8.7 and 0.9.4.
AI Analysis
Technical Summary
CVE-2025-66553 is an authorization bypass vulnerability classified under CWE-639 (Authorization Bypass Through User-Controlled Key) affecting Nextcloud Tables, a component of the Nextcloud ecosystem that enables users to create customizable tables with individual columns. The vulnerability exists in versions prior to 0.8.7 and between 0.9.0-beta.1 and 0.9.4. Authenticated users can exploit this flaw by manipulating the numeric ID parameter in requests to access metadata of columns belonging to tables they do not own. This metadata exposure does not extend to the actual table data or allow modification, but it reveals structural information about other users' tables, which could be leveraged for further attacks or information gathering. The vulnerability requires authentication but no additional user interaction, and it can be exploited remotely over the network. The CVSS v3.1 base score is 4.3 (medium severity), reflecting low impact on confidentiality and no impact on integrity or availability, with low attack complexity and no user interaction required. The issue was publicly disclosed on December 5, 2025, and fixed in Nextcloud Tables versions 0.8.7 and 0.9.4. There are no known active exploits in the wild at this time.
Potential Impact
For European organizations, the primary impact of CVE-2025-66553 is the unauthorized disclosure of metadata related to Nextcloud Tables columns. While this does not directly compromise the confidentiality of actual data or affect system integrity or availability, the exposure of table schema information can facilitate more targeted attacks, such as social engineering, privilege escalation, or exploitation of other vulnerabilities. Organizations handling sensitive or regulated data may face compliance risks if metadata exposure leads to indirect data leakage or aids attackers in mapping internal data structures. Additionally, Nextcloud is widely used in Europe, especially among public sector entities, educational institutions, and enterprises valuing data sovereignty, increasing the likelihood of exposure. Although no active exploits are reported, the vulnerability's ease of exploitation by authenticated users means insider threats or compromised credentials could be leveraged to gain unauthorized insights. This could undermine trust in collaboration platforms and potentially lead to further security incidents if combined with other vulnerabilities or attack vectors.
Mitigation Recommendations
European organizations using Nextcloud Tables should immediately verify their deployed versions and upgrade to at least version 0.8.7 or 0.9.4 where this vulnerability is patched. Since the vulnerability requires authentication, organizations should enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise. Implement strict access controls and monitor user activities for anomalous behavior, especially requests involving manipulation of numeric IDs or unusual access patterns to table metadata. Network segmentation and limiting Nextcloud access to trusted networks or VPNs can reduce exposure. Additionally, conduct regular audits of Nextcloud app versions and configurations to ensure timely patching of security advisories. Educate users about the risks of credential sharing and insider threats. Finally, consider applying web application firewalls (WAF) rules to detect and block suspicious parameter tampering attempts targeting the Tables app endpoints.
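The monitoring step above (watching for requests that walk through numeric column IDs) can be implemented as a simple log review. The following is an added example, not code from the advisory or from Nextcloud; it assumes the Tables REST endpoint path `/apps/tables/api/1/columns/{id}` and runs over constructed combined-format access-log lines embedded in the block.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed access-log lines (Apache/nginx combined format) for a Nextcloud host.
# The /apps/tables/api/1/columns/{id} path is an assumption about the Tables REST
# API, not taken from the advisory; users, IPs and column IDs are invented.
SAMPLE_LOG = """\
10.0.0.5 - alice [05/Dec/2025:17:30:01 +0000] "GET /index.php/apps/tables/api/1/columns/12 HTTP/1.1" 200 512
10.0.0.5 - alice [05/Dec/2025:17:30:02 +0000] "GET /index.php/apps/tables/api/1/columns/13 HTTP/1.1" 200 498
10.0.0.9 - bob [05/Dec/2025:17:30:03 +0000] "GET /index.php/apps/tables/api/1/columns/40 HTTP/1.1" 200 501
10.0.0.9 - bob [05/Dec/2025:17:30:04 +0000] "GET /index.php/apps/tables/api/1/columns/41 HTTP/1.1" 200 488
10.0.0.9 - bob [05/Dec/2025:17:30:05 +0000] "GET /index.php/apps/tables/api/1/columns/42 HTTP/1.1" 200 490
10.0.0.9 - bob [05/Dec/2025:17:30:06 +0000] "GET /index.php/apps/tables/api/1/columns/43 HTTP/1.1" 200 487
10.0.0.9 - bob [05/Dec/2025:17:30:07 +0000] "GET /index.php/apps/tables/api/1/columns/44 HTTP/1.1" 404 120
"""

LINE_RE = re.compile(r'^\S+ \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})')
COLUMN_RE = re.compile(r'/apps/tables/api/1/columns/(\d+)$')

def parse(log_text):
    """Yield (user, timestamp, column_id, status) for column-metadata requests only."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        c = COLUMN_RE.search(m['path']) if m else None
        if c:
            ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
            yield m['user'], ts, int(c.group(1)), int(m['status'])

def find_enumeration(log_text, max_distinct=3, window_seconds=60):
    """Return {user: sorted column IDs} for users whose successful (2xx) column reads
    cover more than max_distinct distinct IDs inside any window_seconds span; a burst
    across many column IDs is the pattern to review, since editing one table rarely does that."""
    reads = defaultdict(list)
    for user, ts, cid, status in parse(log_text):
        if 200 <= status < 300:
            reads[user].append((ts, cid))
    flagged = {}
    for user, evs in reads.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            ids = {cid for ts, cid in evs[i:] if (ts - start).total_seconds() <= window_seconds}
            if len(ids) > max_distinct:
                flagged[user] = sorted(ids)
                break
    return flagged

if __name__ == '__main__':
    print(find_enumeration(SAMPLE_LOG))  # {'bob': [40, 41, 42, 43]}
```

Tune `max_distinct` and `window_seconds` to the normal usage of your instance; on a patched release the same pattern still indicates probing and is worth a look.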
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy, Spain, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-04T15:57:22.034Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693316b0f88dbe026cfdbe4a
Added to database: 12/5/2025, 5:30:24 PM
Last enriched: 12/5/2025, 5:45:38 PM
Last updated: 12/6/2025, 4:25:36 AM