anonhaven
Ad

CVE-2025-0525

LOW CVSS 4.0: 2.3 EPSS 0.24%
Updated Jul 02, 2025
Linux
Parameter Value
CVSS 2.3 (LOW)
Affected Versions 2020.6.4592 — 2024.4.6995
Fixed In 2024.3.13007
Type CWE-200 (Information Exposure)
Vendor Linux
Public PoC No

In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
Present
Additional conditions required
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-200 Information Exposure

Vulnerable Products 4

Configuration From (including) Up to (excluding)
Octopus Octopus_Server
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
 2020.6.4592 2024.3.13007
Octopus Octopus_Server
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
 2024.4.401 2024.4.6995
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Microsoft Windows
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References 1

https://advisories.octopus.com/post/2024/sa2025-02/
security@octopus.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31685

Linux

None

CVE-2026-31684

Linux

None

CVE-2026-31683

Linux

None

CVE-2026-31682

Linux

None

CVE-2026-31681

Linux

None