anonhaven
Ad

CVE-2025-0513

LOW CVSS 4.0: 1.8 EPSS 0.09%
Updated Jul 02, 2025
Linux
Parameter Value
CVSS 1.8 (LOW)
Affected Versions 2024.3.164 — 2024.4.6962
Fixed In 2024.3.12985
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Linux
Public PoC No

In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Attack Requirements
Present
Additional conditions required
Privileges Required
High
Admin privileges needed
User Interaction
Active
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 4

Configuration From (including) Up to (excluding)
Octopus Octopus_Server
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
 2024.3.164 2024.3.12985
Octopus Octopus_Server
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
 2024.4.401 2024.4.6962
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Windows
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References 1

https://advisories.octopus.com/post/2024/sa2025-04/
security@octopus.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31685

Linux

None

CVE-2026-31684

Linux

None

CVE-2026-31683

Linux

None

CVE-2026-31682

Linux

None

CVE-2026-31681

Linux

None