CVE-2025-0513

In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

02 Jul 2025, 17:24

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
First Time Microsoft
Octopus octopus Server
Linux
Microsoft windows
Linux linux Kernel
Octopus
References () https://advisories.octopus.com/post/2024/sa2025-04/ - () https://advisories.octopus.com/post/2024/sa2025-04/ - Broken Link
Summary
  • (es) En las versiones afectadas de Octopus Server, los mensajes de error se gestionaban de forma insegura en la página de error. Si un adversario pudiera controlar cualquier parte del mensaje de error, podría insertar código que podría afectar al usuario que visualiza el mensaje de error.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

11 Feb 2025, 15:15

Type Values Removed Values Added
CWE CWE-79

11 Feb 2025, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-11 11:15

Updated : 2025-07-02 17:24


NVD link : CVE-2025-0513

Mitre link : CVE-2025-0513

CVE.ORG link : CVE-2025-0513


JSON object : View

Products Affected

microsoft

  • windows

octopus

  • octopus_server

linux

  • linux_kernel
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')