diff --git a/changelog/unreleased/41539 b/changelog/unreleased/41539
new file mode 100644
index 000000000000..5a2a4364ff21
--- /dev/null
+++ b/changelog/unreleased/41539
@@ -0,0 +1,5 @@
+Fix: Use the correct user ID when changing email via admin API
+
+The admin API endpoint for changing a user's email address was incorrectly using the requesting admin's user ID instead of the target user's ID, causing the admin's email to be updated rather than the intended user's.
+
+https://github.com/owncloud/core/pull/41539
\ No newline at end of file
diff --git a/settings/Controller/UsersController.php b/settings/Controller/UsersController.php
index 955c9e5ec07e..b688e0fd554b 100644
--- a/settings/Controller/UsersController.php
+++ b/settings/Controller/UsersController.php
@@ -972,7 +972,7 @@ public function setMailAddress($id, $mailAddress) {
 // admins can set email without verification
 if ($mailAddress === '' || $this->isAdmin) {
- $this->setEmailAddress($userId, $mailAddress);
+ $this->setEmailAddress($id, $mailAddress);
 return new DataResponse(
 [
 'status' => 'success',
diff --git a/tests/Settings/Controller/UsersControllerTest.php b/tests/Settings/Controller/UsersControllerTest.php
index 11c378045625..aff872116e92 100644
--- a/tests/Settings/Controller/UsersControllerTest.php
+++ b/tests/Settings/Controller/UsersControllerTest.php
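Review bot: In the `settings/Controller/UsersController.php` hunk, the `$mailAddress === ''` arm of the condition is reached by non-admin callers too, and with this change it clears the address of whichever account `$id` names rather than the caller's own. Whether the caller may act on `$id` has to be decided before this branch, and that part of `setMailAddress` lies outside the hunk, so it is worth confirming that a request from a user who is neither `$id` nor permitted to manage it is rejected before this point. The existing comment also understates the branch; something like `// an empty address, or any change made by an admin, is applied to the target user $id without e-mail verification` would describe it accurately.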
@@ -2183,28 +2183,31 @@ public function setEmailAddressData(): array {
 * @param string $mailAddress
 * @param bool $isValid
 * @param bool $expectsUpdate
- * @param bool $chanChangeMailAddress
+ * @param bool $canChangeMailAddress
 * @param bool $responseCode
 */
- public function testSetEmailAddress($mailAddress, $isValid, $expectsUpdate, $chanChangeMailAddress, $responseCode): void {
+ public function testSetEmailAddress($mailAddress, $isValid, $expectsUpdate, $canChangeMailAddress, $responseCode): void {
 $this->container['IsAdmin'] = true;
- $user = $this->getMockBuilder(User::class)
- ->disableOriginalConstructor()->getMock();
- $user
- ->method('getUID')
- ->willReturn('foo');
- $user
- ->method('getEMailAddress')
- ->willReturn('foo@local');
- $user
- ->method('canChangeMailAddress')
- ->willReturn($chanChangeMailAddress);
- $user
- ->method('setEMailAddress')
- ->with(
- $this->equalTo($mailAddress)
- );
+ $user = $this->createMock(User::class);
+ $user->method('getUID')->willReturn('foo');
+ $user->method('getEMailAddress')->willReturn('foo@local');
+ $user->method('canChangeMailAddress')->willReturn($canChangeMailAddress);
+ $user->expects($this->never())->method('setEmailAddress');
+
+ $user2 = $this->createMock(User::class);
+ $user2->method('getUID')->willReturn('anotherUserId');
+ $user2->method('getEMailAddress')->willReturn('another@local');
+ $user2->method('canChangeMailAddress')->willReturn($canChangeMailAddress);
+
+ if ($isValid && $canChangeMailAddress) {
+ $user2
+ ->expects($this->once())
+ ->method('setEMailAddress')
+ ->with(
+ $this->equalTo($mailAddress)
+ );
+ }
 $this->container['UserSession']
 ->expects($this->atLeastOnce())
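Review bot: `$user2` receives an expectation only inside `if ($isValid && $canChangeMailAddress)`, so for every other data set the mock would not fail if the controller still wrote an address to the target account. The condition also bypasses the `$expectsUpdate` argument, which is not referenced in the visible hunks; if the rest of the method does not use it either, `$user2->expects($expectsUpdate ? $this->once() : $this->never())->method('setEMailAddress')` would keep the data provider authoritative and cover the negative cases. The `never()` guard on `$user` spells the method `setEmailAddress` while `$user2` uses `setEMailAddress`; PHP method names are case-insensitive, so it presumably still matches, but one spelling removes any doubt that the regression guard is live. The body of `testSetEmailAddress` continues beyond this hunk.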
@@ -2215,24 +2218,28 @@ public function testSetEmailAddress($mailAddress, $isValid, $expectsUpdate, $cha
 ->with($mailAddress)
 ->willReturn($isValid);
- if ($isValid) {
- $user->expects($this->atLeastOnce())
- ->method('canChangeMailAddress')
- ->willReturn(true);
- }
-
 $this->container['Config']
 ->method('getUserValue')
- ->with('foo', 'owncloud', 'changeMail')
- ->willReturn('12000:AVerySecretToken');
+ ->willReturnMap([
+ ['foo', 'owncloud', 'changeMail', '12000:AVerySecretToken'],
+ ['anotherUserId', 'owncloud', 'changeMail', '120:ASecretToken'],
+ ]);
 $this->container['TimeFactory']
 ->method('getTime')
 ->willReturnOnConsecutiveCalls(12301, 12348);
 $this->container['UserManager']
 ->expects($this->atLeastOnce())
 ->method('get')
- ->with('foo')
- ->willReturn($user);
+ ->willReturnCallback(function ($id) use ($user, $user2) {
+ switch($id) {
+ case "foo":
+ return $user;
+ case "anotherUserId":
+ return $user2;
+ default:
+ return null;
+ }
+ });
 $this->container['SecureRandom']
 ->method('generate')
 ->with('21')
@@ -2265,7 +2272,7 @@ public function testSetEmailAddress($mailAddress, $isValid, $expectsUpdate, $cha
 ->method('send')
 ->with($message);
- $response = $this->container['UsersController']->setMailAddress($user->getUID(), $mailAddress);
+ $response = $this->container['UsersController']->setMailAddress("anotherUserId", $mailAddress);
 $this->assertSame($responseCode, $response->getStatus());
 }
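Review bot: In the final hunk, `setMailAddress("anotherUserId", $mailAddress)` is only ever exercised with `IsAdmin` set to true at the top of the method. The suite therefore pins the admin path but not the case the `$id` change makes sensitive: a session user without admin rights (presumably `foo`) naming another account. A sibling test with `$this->container['IsAdmin'] = false` would cover it, asserting the controller's rejection status together with `$user2->expects($this->never())->method('setEMailAddress')`. That would stop the access check in `setMailAddress` from regressing unnoticed; the check itself is not visible on this page.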