CVE-2025-59716

Published: Nov 5, 2025

Modified: Nov 5, 2025

PUBLISHED

Description

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user rather than a non-existent user.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/owncloud/guests

https://yeswehack.com/reports/411806

https://marketplace.owncloud.com/apps/guests

https://gist.github.com/thesmartshadow/64ae0449e909174d0479a4f23657147f

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-59716

Description

Affected Products

References