Cyber Posture

CVE-2025-0525

High

Published: 11 February 2025

Modified: 02 July 2025
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0024 (47.6th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0525 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Octopus Server. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083). The CVE ranks at the 47.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AU-13 (Monitoring for Information Disclosure).

Threat & Defense at a Glance

What attackers do: exploitation maps to File and Directory Discovery (T1083).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly mitigates the CVE by requiring identification, reporting, and timely remediation of the information disclosure flaw in the preview import feature.

Prevent: Prohibits unauthenticated access to features like preview import that could disclose file existence information.

Detect: Monitors for unauthorized disclosures such as those enabled by the preview import feature's file existence oracle.

MITRE ATT&CK Enterprise Techniques

T1083: File and Directory Discovery (tactic: Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

Why these techniques?

Vulnerability directly enables remote file existence checks on the server via the preview import feature, mapping to File and Directory Discovery.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server.

Deeper analysis

CVE-2025-0525 is an information disclosure vulnerability in affected versions of Octopus Server, where the preview import feature can be abused to detect the existence of a target file on the server. This issue, classified under CWE-200, enables adversaries to gather sensitive reconnaissance data. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and was published on 2025-02-11T10:15:09.490.

Unauthenticated attackers with network access to the Octopus Server can exploit this vulnerability remotely with low complexity and no user interaction. Exploitation confirms the presence or absence of specific files, yielding information that may assist in planning further attacks against the server, though it does not directly enable data modification, execution, or denial of service.

The official advisory provides details on mitigation and patching; refer to https://advisories.octopus.com/post/2024/sa2025-02/ for affected versions, patch information, and recommended actions.

Details

CWE(s)

Affected Products

octopus
octopus server
2020.6.4592 — 2024.3.13007 · 2024.4.401 — 2024.4.6995
