CVE-2025-53828 (GCVE-0-2025-53828)

Vulnerability from cvelistv5 – Published: 2026-07-06 14:41 – Updated: 2026-07-06 14:41
VLAI
Title
SharePoint for ownCloud 10 is vulnerable to Server-Side Request Forgery (SSRF)
Summary
SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use a SSRF vulnerability in the SharePoint app to execute arbitrary code on the system. Upgrade ownCloud 10 to version 10.15.3 or later to receive SharePoint for ownCloud 0.4.1, the fixed version.
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "SharePoint",
          "vendor": "owncloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.4.1"
            }
          ]
        },
        {
          "product": "ownCloud 10",
          "vendor": "owncloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 10.15.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use a SSRF vulnerability in the SharePoint app to execute arbitrary code on the system. Upgrade ownCloud 10 to version 10.15.3 or later to receive SharePoint for ownCloud 0.4.1, the fixed version."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-06T14:41:55.647Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/owncloud/security-advisories/security/advisories/GHSA-4m66-rpfj-m5f6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/owncloud/security-advisories/security/advisories/GHSA-4m66-rpfj-m5f6"
        }
      ],
      "source": {
        "advisory": "GHSA-4m66-rpfj-m5f6",
        "discovery": "UNKNOWN"
      },
      "title": "SharePoint for ownCloud 10 is vulnerable to Server-Side Request Forgery (SSRF)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53828",
    "datePublished": "2026-07-06T14:41:55.647Z",
    "dateReserved": "2025-07-09T14:14:52.530Z",
    "dateUpdated": "2026-07-06T14:41:55.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-53828\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-07-06T16:16:26.903\",\"lastModified\":\"2026-07-06T18:23:21.287\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use a SSRF vulnerability in the SharePoint app to execute arbitrary code on the system. Upgrade ownCloud 10 to version 10.15.3 or later to receive SharePoint for ownCloud 0.4.1, the fixed version.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"owncloud\",\"product\":\"SharePoint\",\"versions\":[{\"version\":\"\u003c 0.4.1\",\"status\":\"affected\"}]},{\"vendor\":\"owncloud\",\"product\":\"ownCloud 10\",\"versions\":[{\"version\":\"\u003c 10.15.3\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://github.com/owncloud/security-advisories/security/advisories/GHSA-4m66-rpfj-m5f6\",\"source\":\"security-advisories@github.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…