CVE-2025-0513
Last modified
CVE-2025-0513 is a low-severity vulnerability rated 1.8/10 on the CVSS scale. In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message.. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Octopus | Octopus Server | >= 2024.3.164, < 2024.3.12985 |
| Octopus | Octopus Server | >= 2024.4.401, < 2024.4.6962 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-0513?
How severe is CVE-2025-0513?
How do I fix CVE-2025-0513?
Are you affected by CVE-2025-0513?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST