Skip to main content

Owncloud Core

1 CVEs product

Monthly

CVE-2025-53827 CRITICAL PATCH Act Now

Arbitrary code execution in ownCloud Core (ownCloud 10 Classic server, all versions before 10.15.3) allows an administrator to abuse an exposed dangerous method in the Updater component to run code on the server host. Any actor holding administrative credentials - legitimately, or via session hijack/credential theft/CSRF against an admin - can convert web-app admin rights into full server compromise. No public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor-issued GHSA-hvcx-ph66-mmvw advisory and the fix in 10.15.3 are the primary confirmation.

RCE Owncloud Core
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Arbitrary code execution in ownCloud Core (ownCloud 10 Classic server, all versions before 10.15.3) allows an administrator to abuse an exposed dangerous method in the Updater component to run code on the server host. Any actor holding administrative credentials - legitimately, or via session hijack/credential theft/CSRF against an admin - can convert web-app admin rights into full server compromise. No public exploit identified at time of analysis and it is not listed in CISA KEV; the vendor-issued GHSA-hvcx-ph66-mmvw advisory and the fix in 10.15.3 are the primary confirmation.

RCE Owncloud Core
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy