ownCloud 10 Path Traversal Allowing Admin Arbitrary Code Exec, Fixed in 10.15.3
CVE-2025-53829 Published on July 6, 2026
ownCloud 10 is vulnerable to Relative Path Traversal
ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive a patch.
Vulnerability Analysis
CVE-2025-53829 can be exploited with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Relative Path Traversal
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
Products Associated with CVE-2025-53829
Want to know whenever a new CVE is published for ownCloud? stack.watch will email you.