CVE-2025-53828

HIGH

SharePoint for ownCloud < 0.4.1 - Admin Server-Side Request Forgery

Title source: manual
STIX 2.1

Description

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use a SSRF vulnerability in the SharePoint app to execute arbitrary code on the system. Upgrade ownCloud 10 to version 10.15.3 or later to receive SharePoint for ownCloud 0.4.1, the fixed version.

References (1)

Core 1
Core References

Scores

CVSS v3 8.5
EPSS 0.0023
EPSS Percentile 14.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-918
Status published
Products (2)
owncloud/ownCloud 10 < 10.15.3
owncloud/SharePoint < 0.4.1
Published Jul 06, 2026
Tracked Since Jul 06, 2026