Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-0513
CVE-2025-0513:
Octopus Deploy vulnerability analysis and mitigation
Overview
In affected versions of Octopus Server, a vulnerability was discovered related to unsafe handling of error messages on the error page. The vulnerability was assigned CVE-2025-0513 and was disclosed on February 11, 2025. The vulnerability affects Octopus Server installations and is classified as a Cross-site Scripting (XSS) vulnerability (NVD).
Technical details
The vulnerability is characterized by improper neutralization of input during web page generation, specifically in the error page functionality. It has been assigned CWE-79 (Cross-site Scripting). The CVSS v4.0 score is 1.8 (LOW) with the vector string CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N, indicating a low-severity vulnerability requiring high attack complexity and high privileges (NVD).
Impact
If an adversary could control any part of the error message, they could potentially embed malicious code which may impact users viewing the error message. The vulnerability has low severity ratings for Confidentiality (VC:L), Integrity (VI:L), and Availability (VA:L) impacts (NVD).
Additional resources
Source: This report was generated using AI
Related Octopus Deploy vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management