Fedora 43: Critical XSS Vulnerability Advisory for Nextcloud 31.0.9

fedora

September 30, 2025

31.0.9 release RHBZ#2388493 RHBZ#2389830 RHBZ#2389831 RHBZ#2389842 RHBZ#2389843 RHBZ#2389814 RHBZ#2389815

Summary

NextCloud gives you universal access to your files through a web interface or

WebDAV. It also provides a platform to easily view & sync your contacts,

calendars and bookmarks across all your devices and enables basic editing right

on the web. NextCloud is extendable via a simple but powerful API for

applications and plugins.

Update Information:

31.0.9 release RHBZ#2388493 RHBZ#2389830 RHBZ#2389831 RHBZ#2389842 RHBZ#2389843 RHBZ#2389814 RHBZ#2389815

Topics Covered

security advisory fedora update cross site scripting web application nextcloud

Change Log

* Sat Sep 20 2025 Andrew Bauer - 31.0.9-1 - 31.0.9 release RHBZ#2388493 RHBZ#2389830 RHBZ#2389831 RHBZ#2389842 RHBZ#2389843 RHBZ#2389814 RHBZ#2389815

References

[ 1 ] Bug #2388493 - nextcloud-31.0.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=2388493 [ 2 ] Bug #2389814 - CVE-2025-54881 nextcloud: Mermaid cross site scripting [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2389814 [ 3 ] Bug #2389815 - CVE-2025-54880 nextcloud: Mermaid cross site scripting [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2389815 [ 4 ] Bug #2389830 - CVE-2025-54881 nextcloud: Mermaid cross site scripting [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2389830 [ 5 ] Bug #2389831 - CVE-2025-54880 nextcloud: Mermaid cross site scripting [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2389831 [ 6 ] Bug #2389842 - CVE-2025-54881 nextcloud: Mermaid cross site scripting [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2389842 [ 7 ] Bug #2389843 - CVE-2025-54880 nextcloud: Mermaid cross site scripting [fedora-42] https://bugzilla.redhat.com...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8af4de0f83' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity

critical

Lowest

Low

Medium

High

Critical

Name: nextcloud

Product: Fedora 43

Version: 31.0.9

Release: 1.fc43

URL: http://nextcloud.com

Summary: Private file sync and share server

Topics Covered

security advisory fedora update cross site scripting web application nextcloud

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 43: Critical XSS Vulnerability Advisory for Nextcloud 31.0.9

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 43: Critical XSS Vulnerability Advisory for Nextcloud 31.0.9

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!