CVE-2025-0513: In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error...

1.8 CVSS

Description

In affected versions of Octopus Server, error messages were handled unsafely on the error page. If an adversary could control any part of the error message, they could embed code which may impact the user viewing the error message.

Classification

CVE ID: CVE-2025-0513

CVSS Base Severity: LOW

CVSS Base Score: 1.8

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products

Vendor: Octopus Deploy

Product: Octopus Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.94% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-12 (date this score was calculated)

References

https://advisories.octopus.com/post/2024/sa2025-04/

Timeline