CVE-2025-0539

Medium CVSS: 5.9

In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself.

Vendor

Octopus

Product

Octopus Server

CWE

CWE-918

Yayın Tarihi

2025-04-10 06:15:53

Güncelleme

2025-07-02 17:23:54

Source Identifier

security@octopus.com

KEV Date Added

Kategoriler

CWE-918 Octopus Server MEDIUM Octopus 2025

Referanslar

https://advisories.octopus.com/post/2025/sa2025-06

Benzer Kayıtlar

Low

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change…

Low

CVE-2026-3236

In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting i…

Medium

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API…

Medium

CVE-2025-0588

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all se…

Low

CVE-2025-0513

In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could con…

Low

CVE-2025-0526

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API…