CVE-2025-0525

Summary

In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server.

Affected Software

VendorProductVersion RangeStatus
Octopus DeployOctopus Server2020.6.4592 < 2024.3.13007affected
Octopus DeployOctopus Server2024.4.401 < 2024.4.6995affected

Weaknesses

  • File Existence Disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References