CVE-2025-53827
ownCloud Core: Updater has an exposed dangerous method or function
CVSS Score
9.1
EPSS Score
0.3%
EPSS Percentile
26th
ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage functionality to execute arbitrary code. This issue has been fixed in version 10.15.3.
| CWE | CWE-749 |
| Vendor | owncloud |
| Product | owncloud core |
| Published | Jul 6, 2026 |
| Last Updated | Jul 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for owncloud owncloud core
Be the first to know when new critical vulnerabilities affecting owncloud owncloud core are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
owncloud / ownCloud Core
< 10.15.3