Arbitrary Code Execution Vulnerability in ownCloud Core Software
CVE-2025-53827

9.1CRITICAL

Key Information:

Vendor

Owncloud

Vendor
CVE Published:
6 July 2026

What is CVE-2025-53827?

An important vulnerability exists in the ownCloud Core component, particularly in the Updater feature found in versions prior to 10.15.3. This flaw allows attackers with administrative privileges to exploit an exposed method, potentially enabling them to execute arbitrary code on the server. The issue has been resolved in version 10.15.3, emphasizing the importance of regular updates to mitigate security risks. Users are strongly advised to update to the latest version to protect their data and systems.

Affected Version(s)

ownCloud Core < 10.15.3

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.