ownCloud 10 Path Traversal Allowing Admin Arbitrary Code Exec, Fixed in 10.15.3
CVE-2025-53829 Published on July 6, 2026

ownCloud 10 is vulnerable to Relative Path Traversal
ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive a patch.

NVD

Vulnerability Analysis

CVE-2025-53829 can be exploited with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Relative Path Traversal

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.


Products Associated with CVE-2025-53829

Want to know whenever a new CVE is published for ownCloud? stack.watch will email you.

 

Affected Versions

ownCloud 10 Version < 10.15.3 is affected by CVE-2025-53829