SB2025120515 - Improper Encoding or Escaping of Output in Nextcloud Deck app
Published: December 5, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Encoding or Escaping of Output (CVE-ID: CVE-2025-66548)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to improper encoding or escaping of output. A local user can spoof file extensions by using RTLO (right-to-left override) characters.
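A defensive check for the spoofing described above, as an added example that is not Nextcloud's code or its fix: it flags Unicode bidirectional control characters in a file name, reports the extension in stored (logical) order, and builds a display form with the controls made visible. The function name, the character set chosen and the sample file names are assumptions constructed for illustration.

```javascript
// Bidirectional formatting characters that change how a name is rendered
// without changing the bytes that are stored:
//   U+202A-U+202E  embeddings and overrides (U+202E is RTLO)
//   U+2066-U+2069  isolates
//   U+200E, U+200F, U+061C  directional marks
const BIDI_CONTROLS = /[\u202A-\u202E\u2066-\u2069\u200E\u200F\u061C]/g;

// Format a single character as U+XXXX.
function toCodePointLabel(ch) {
  return 'U+' + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
}

// Hypothetical helper: inspect a file name before it is shown to a user.
function inspectFilename(name) {
  // Every bidi control found, with its position in the stored string.
  const found = [...name.matchAll(BIDI_CONTROLS)].map((m) => ({
    index: m.index,
    codePoint: toCodePointLabel(m[0]),
  }));

  // The extension the operating system will act on is the text after the
  // last dot in logical order, regardless of how the name is rendered.
  const dot = name.lastIndexOf('.');
  const extension = dot > 0
    ? name.slice(dot + 1).replace(BIDI_CONTROLS, '').toLowerCase()
    : '';

  // Display form: controls replaced by a visible marker so the rendered
  // order matches the stored order.
  const safeDisplay = name.replace(BIDI_CONTROLS, (c) => `[${toCodePointLabel(c)}]`);

  return { suspicious: found.length > 0, found, extension, safeDisplay };
}

// Constructed samples: the first renders as "invoiceexe.pdf" in a
// bidi-aware UI although the stored name ends in ".exe".
const spoofed = 'invoice\u202Efdp.exe';
const benign = 'report.pdf';

for (const name of [spoofed, benign]) {
  const r = inspectFilename(name);
  console.log(JSON.stringify(r));
}
```
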
Remediation
Install update from vendor's website.