๐Ÿ” CVE Alert

CVE-2025-53827

CRITICAL 9.1

ownCloud Core: Updater has an exposed dangerous method or function

CVSS Score
9.1
EPSS Score
0.3%
EPSS Percentile
26th

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage functionality to execute arbitrary code. This issue has been fixed in version 10.15.3.

CWE CWE-749
Vendor owncloud
Product owncloud core
Published Jul 6, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for owncloud owncloud core

Be the first to know when new critical vulnerabilities affecting owncloud owncloud core are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

owncloud / ownCloud Core
< 10.15.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/owncloud/security-advisories/security/advisories/GHSA-hvcx-ph66-mmvw