CVE-2025-53828
HIGHSharePoint for ownCloud < 0.4.1 - Admin Server-Side Request Forgery
Title source: manualDescription
SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use a SSRF vulnerability in the SharePoint app to execute arbitrary code on the system. Upgrade ownCloud 10 to version 10.15.3 or later to receive SharePoint for ownCloud 0.4.1, the fixed version.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/owncloud/security-advisories/security/advisories/GHSA-4m66-rpfj-m5f6
Scores
CVSS v3
8.5
EPSS
0.0023
EPSS Percentile
14.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-918
Status
published
Products (2)
owncloud/ownCloud 10
< 10.15.3
owncloud/SharePoint
< 0.4.1
Published
Jul 06, 2026
Tracked Since
Jul 06, 2026