CVE-2025-0525: In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide...

2.3 CVSS

Description

In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server.

Classification

CVE ID: CVE-2025-0525

CVSS Base Severity: LOW

CVSS Base Score: 2.3

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor: Octopus Deploy

Product: Octopus Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.94% (scored less or equal to compared to others)

EPSS Date: 2025-03-12 (when was this score calculated)

References

https://advisories.octopus.com/post/2024/sa2025-02/

Timeline

2025-02-12 00:31:34 UTC
CVE

In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide...