CVE-2025-0526

Low CVSS: 2.3

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.

Vendor

Octopus

Product

Octopus Server

CWE

CWE-862

Yayın Tarihi

2025-02-11 11:15:15

Güncelleme

2025-07-02 17:23:30

Source Identifier

security@octopus.com

KEV Date Added

Kategoriler

CWE-862 Octopus Server LOW Octopus 2025

Referanslar

https://advisories.octopus.com/post/2024/sa2025-03/ https://advisories.octopus.com/post/2025/sa2025-03/

Benzer Kayıtlar

Low

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change…

Low

CVE-2026-3236

In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting i…

Medium

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API…

Medium

CVE-2025-0539

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests th…

Medium

CVE-2025-0588

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all se…

Low

CVE-2025-0513

In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could con…