7.6

CVE-2025-64487

EPSS 0.01%
Veröffentlicht 11.02.2026 20:25:41
Zuletzt bearbeitet 20.02.2026 18:17:53
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in 1.1.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Getoutline ≫ Outline Version < 1.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.012

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.6	2.3	4.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/outline/outline/security/advisories/GHSA-c8xf-3j86-7686

Vendor Advisory

https://github.com/outline/outline/releases/tag/v1.1.0

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-64487

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64487

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64487

EUVD