CVE-2025-53829
Received Received - Intake

Path Traversal in ownCloud 10 Prior to 10.15.3

Vulnerability report for CVE-2025-53829, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: GitHub, Inc.

Description

ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive a patch.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
owncloud owncloud to 10.15.3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

To mitigate the CVE-2025-53829 vulnerability in ownCloud 10, you should upgrade your ownCloud installation to version 10.15.3 or later.

This update patches the relative path traversal vulnerability that allows attackers with administrative privileges to execute arbitrary code.

Executive Summary

CVE-2025-53829 is a Relative Path Traversal vulnerability in ownCloud 10 versions prior to 10.15.3. It allows an attacker with administrative privileges to exploit improper handling of file path inputs containing sequences like "..". This flaw enables the attacker to access directories outside the intended restricted path, leading to the execution of arbitrary code on the system.

Impact Analysis

This vulnerability can have severe impacts including unauthorized execution of arbitrary code by an attacker with administrative privileges. It affects the confidentiality, integrity, and availability of the system by allowing the attacker to potentially access sensitive data, modify or delete files, and disrupt normal operations.

Detection Guidance

This vulnerability affects ownCloud 10 versions prior to 10.15.3 and involves a relative path traversal flaw exploitable by users with administrative privileges. Detection involves verifying the ownCloud version in use to determine if it is vulnerable.

To detect if your ownCloud installation is vulnerable, you can check the version by running the following command on the server hosting ownCloud:

  • php occ status

This command outputs the current ownCloud version. If the version is earlier than 10.15.3, the system is vulnerable.

Additionally, monitoring for suspicious administrative activity or unexpected file system access patterns involving path traversal sequences (e.g., "..") in logs may help detect exploitation attempts, but no specific detection commands or signatures are provided.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-53829. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart