ownCloud Core Updater Remote Code Exec before 10.15.3
CVE-2025-53827 Published on July 6, 2026
ownCloud Core: Updater has an exposed dangerous method or function
ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage functionality to execute arbitrary code. This issue has been fixed in version 10.15.3.
Vulnerability Analysis
CVE-2025-53827 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Exposed Dangerous Method or Function
The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
Products Associated with CVE-2025-53827
Want to know whenever a new CVE is published for ownCloud? stack.watch will email you.