← back
CVE-2025-0526

CVE-2025-0526

CVSS 2.3 LOWEPSS 0.3%CWE-862
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Feb 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Affected products
Octopus Deploy · Octopus Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://advisories.octopus.com/post/2024/sa2025-03/https://advisories.octopus.com/post/2025/sa2025-03/