CVE-2025-0539: SSRF
First published: Thu Apr 10 2025(Updated: )
In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself.
Credit: security@octopus.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Octopus Deploy |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0539?
CVE-2025-0539 is considered a high severity vulnerability due to its potential to compromise accounts running Octopus Server.
How do I remediate CVE-2025-0539?
To fix CVE-2025-0539, users should update to the latest version of Octopus Deploy provided by Microsoft.
What does CVE-2025-0539 affect?
CVE-2025-0539 affects Microsoft Windows versions of Octopus Deploy.
Who is at risk from CVE-2025-0539?
Users of Octopus Deploy who are running affected Microsoft Windows versions are at risk from CVE-2025-0539.
What can an attacker do with CVE-2025-0539?
An attacker exploiting CVE-2025-0539 can potentially compromise the account running Octopus Server and the underlying host infrastructure.
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/author
- agent/source
- agent/severity
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/last-modified-date
- agent/event
- vendor/microsoft
- canonical/octopus deploy