Axios security issue

Hello,
For many years I had Nextcloud installed natively with a native coolwsd. Due to expansion of the server (university projects), I had to hold online conferences, edit documents with multiple people at the same time, and use a whiteboard to propose ideas, so Talk was installed. Due to the missing HPB and errors when building signaling natively, I had to switch to AIO for a fast deployment. During the years I had the native installation, I had security scores of A and A+ on the ImmuniWeb security test and SSL Labs; now, with the AIO installation, I have a C on ImmuniWeb due to a critical Axios vulnerability (a CVE; I did not write down the number). What exactly is Axios used for in Nextcloud AIO, and how is security impacted by the known Axios vulnerability?

Hello @Dragos_Manea and welcome to the community!

It would be awesome if you could locate the CVE number for the vulnerability that you saw :slight_smile: Are you able to retrieve it? That way it is easier to tell what it might be related to and how you can take the necessary measures to be safe.

Yes, of course:
ID: CVE-2025-27152
Type: CWE-918 - Server-Side Request Forgery (SSRF)
Along with this message: The fingerprinted component version is outdated and vulnerable to publicly known vulnerabilities. Urgently update to the most recent version 1.8.3.

Hi, please report this to HackerOne

Hi, thank you for your response. I am not a hacker, nor do I have the knowledge to hack something; I have extensive IT knowledge, but not that extensive. If you consider that this vulnerability is dangerous and you know what it is about, then you have my permission to submit it.
