CVE-2025-53827
Received Received - Intake

Remote Code Execution in ownCloud Core

Vulnerability report for CVE-2025-53827, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: GitHub, Inc.

Description

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage functionality to execute arbitrary code. This issue has been fixed in version 10.15.3.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
owncloud core to 10.15.3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-749 The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability CVE-2025-53827 affects ownCloud Core versions before 10.15.3, specifically in the Updater component. It involves an exposed dangerous method or function that can be exploited by attackers who already have administrative privileges.

This exposure allows such attackers to execute arbitrary code on the server, potentially compromising the system.

Impact Analysis

If exploited, this vulnerability allows an attacker with administrative privileges to execute arbitrary code on the ownCloud server.

This can lead to full compromise of the server, including unauthorized access, data manipulation, or disruption of services.

The risk is considered high, with a CVSS v3 base score of 9.1, indicating severe impact on confidentiality, integrity, and availability.

Detection Guidance

Detection of this vulnerability involves identifying if the ownCloud Core server is running a version prior to 10.15.3, specifically versions of ownCloud 10 before 10.15.3 where the Updater component contains an exposed dangerous method or function.

You can check the ownCloud version installed on your system by running the following command on the server hosting ownCloud:

  • sudo -u www-data php /path/to/owncloud/occ status

Replace "/path/to/owncloud/" with the actual path to your ownCloud installation. This command outputs the current ownCloud version.

If the version is earlier than 10.15.3, your system is vulnerable.

Mitigation Strategies

To mitigate this vulnerability immediately, you should upgrade your ownCloud Core server to version 10.15.3 or later, where the issue has been fixed.

If upgrading immediately is not possible, you can disable the ownCloud Updater component to prevent exploitation of the exposed dangerous method or function.

Ensure that only trusted administrators have access to the ownCloud administrative functions, as the vulnerability requires administrative privileges to be exploited.

Compliance Impact

The vulnerability in ownCloud Core allows attackers with administrative privileges to execute arbitrary code due to an exposed dangerous method or function in the Updater component. This can lead to unauthorized access, data manipulation, or data breaches.

Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality, integrity, and availability.

Organizations using vulnerable versions of ownCloud may face increased risk of non-compliance due to the possibility of data exposure or compromise resulting from this vulnerability.

To maintain compliance, it is critical to remediate this vulnerability by upgrading to ownCloud version 10.15.3 or later, or by disabling the ownCloud Updater.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-53827. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart