XSS in Linux Linux_kernel
CVE-2025-0513
In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (13.0th percentile)
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Linux Linux_kernel
- Microsoft Windows
- Octopus Octopus_server
- Octopus Deploy Server — versions 2024.3.164, 2024.4.401
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2025-0513?
  CVE-2025-0513 is a medium-severity vulnerability in Linux Linux_kernel, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2025-02-11.
- How severe is CVE-2025-0513?
  Medium severity. CVSS v3 base score is 5.4 out of 10.