A high-severity Server-Side Request Forgery (SSRF) vulnerability has been disclosed in the SharePoint app for ownCloud 10, potentially allowing attackers with administrative privileges to execute arbitrary code on affected systems.
Tracked as CVE-2025-53828, the flaw carries a CVSS v3.1 base score of 8.5, reflecting its serious impact on confidentiality, integrity, and availability.
The vulnerability was published as GHSA-4m66-rpfj-m5f6 by GitHub security researcher kw-fscheuer two weeks ago, with credit for discovery going to researcher qiushui via the YesWeHack bug bounty platform.
The flaw is classified under CWE-918 (Server-Side Request Forgery), a weakness class where a web application accepts a URL or similar input from an upstream component and fetches its contents without properly validating the destination.
In SharePoint for ownCloud, this insufficient validation creates a pathway for attackers to redirect server-side requests toward internal or unintended endpoints.
According to the advisory, “attackers with administrative privileges can use a SSRF vulnerability in the SharePoint app to execute arbitrary code on the system.” This means the flaw isn’t just an information-disclosure risk typical of many SSRF bugs it escalates to full remote code execution (RCE), making it significantly more dangerous.
The vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H reveals several important attack characteristics:
- Attack vector is network-based, meaning exploitation doesn’t require local access.
- Attack complexity is high, suggesting the exploit requires specific conditions or preparation.
- Privileges required are low, though administrative access is still needed per the description.
- No user interaction is necessary, removing reliance on social engineering.
- The scope is changed, indicating the vulnerability can impact resources beyond its own security authority.
- Confidentiality, integrity, and availability impacts are all rated high, underscoring the severity if successfully exploited.
Affected Versions and Patch Details
The vulnerability affects two components:
- SharePoint for ownCloud versions prior to 0.4.1
- ownCloud 10 versions prior to 10.15.3
Both components have been patched. Organizations running SharePoint for ownCloud should upgrade to version 0.4.1 or later, while ownCloud 10 deployments must move to version 10.15.3 or later to fully remediate the risk.
ownCloud remains a widely deployed self-hosted file sync and collaboration platform, particularly among organizations with strict data sovereignty requirements.
The SharePoint integration extends this functionality by connecting to Microsoft SharePoint environments, making it a common target in enterprise deployments that bridge on-premises storage with cloud collaboration tools.
Given the RCE potential, unpatched instances could allow attackers who’ve already obtained administrative credentials through phishing, credential stuffing, or prior compromise to pivot deeper into internal networks.
SSRF vulnerabilities are frequently used to reach cloud metadata services, internal APIs, or other systems not intended to be internet-facing, amplifying the blast radius of an initial compromise.
Mitigation
Security teams managing ownCloud deployments should prioritize the following:
- Apply the patched versions immediately across all instances.
- Audit administrative account access and rotate credentials where compromise is suspected.
- Review outbound request logs from SharePoint app components for anomalous internal network calls.
- Restrict administrative privileges using least-privilege principles to reduce exploitation surface.
With no public proof-of-concept currently circulating, organizations have a narrow window to patch before technical exploitation details potentially emerge.