CVE-2025-0539 Information

Description

In affected Microsoft Windows versions of Octopus Deploy the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself.

Reference

https://advisories.octopus.com/post/2025/sa2025-06