Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from Vendor (GitHub_M) · only source for this CVE.
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Anti-Virus for ownCloud is an anti-virus application for file storage, synchronization, and sharing application ownCloud. Versions of Anti-Virus for ownCloud before 1.2.3 are vulnerable to Server-Side Request Forgery (SSRF). This corresponds to versions of ownCloud 10 prior to 10.15.3. Upgrade ownCloud 10 to version 10.15.3 or later or upgrade Anti-Virus for ownCloud 10 to version 1.2.3 or later to receive a fix.
AnalysisAI
Server-Side Request Forgery in the Anti-Virus for ownCloud extension (versions before 1.2.3, shipping with ownCloud 10 prior to 10.15.3) lets an authenticated high-privileged user coerce the server into issuing attacker-controlled requests, with a scope-changed CVSS of 9.1 reflecting reach into internal systems. The flaw was reported through ownCloud's security advisory program (GHSA-3wg4-mg27-hj4w); there is no public exploit identified at time of analysis and it is not listed in CISA KEV. A vendor-released patch exists: Anti-Virus for ownCloud 1.2.3 / ownCloud 10.15.3.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210434