Medium severity5.4NVD Advisory· Published Feb 11, 2025· Updated Jun 17, 2026
CVE-2025-0526
CVE-2025-0526
Description
In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.
Affected products
2Patches
Vulnerability mechanics
References
2- advisories.octopus.com/post/2025/sa2025-03/nvdVendor Advisory
- advisories.octopus.com/post/2024/sa2025-03/nvdBroken Link
News mentions
0No linked articles in our index yet.