CVE-2025-0525

Low CVSS: 2.3

In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server.

Vendor

Octopus

Product

Octopus Server

CWE

CWE-200

Yayın Tarihi

2025-02-11 10:15:09

Güncelleme

2025-07-02 17:24:44

Source Identifier

security@octopus.com

KEV Date Added

Kategoriler

CWE-200 Octopus Server LOW Octopus 2025

Referanslar

https://advisories.octopus.com/post/2024/sa2025-02/

Benzer Kayıtlar

Low

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change…

Low

CVE-2026-3236

In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting i…

Medium

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API…

Medium

CVE-2025-0539

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests th…

Medium

CVE-2025-0588

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all se…

Low

CVE-2025-0513

In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could con…