Authorization Bypass Through User-Controlled Key

CVE-2025-66558

Low

3.1/10

Summary

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would then be prompted to register a new device on the next login. The attacker can not authenticate as the victim. This vulnerability is fixed in 1.4.2 and 2.4.1.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-639 - Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References

Advisory Timeline

Published Dec 05, 2025

Authorization Bypass Through User-Controlled Key

CVE-2025-66558

Summary

CWE-639 - Authorization Bypass Through User-Controlled Key

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS