ownCloud Core Updater Remote Code Exec before 10.15.3
CVE-2025-53827 Published on July 6, 2026

ownCloud Core: Updater has an exposed dangerous method or function
ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage functionality to execute arbitrary code. This issue has been fixed in version 10.15.3.

NVD

Vulnerability Analysis

CVE-2025-53827 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Exposed Dangerous Method or Function

The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.


Products Associated with CVE-2025-53827

Want to know whenever a new CVE is published for ownCloud? stack.watch will email you.

 

Affected Versions

ownCloud Core Version < 10.15.3 is affected by CVE-2025-53827