Plattform
other
Komponente
outline
Behoben in
1.0.2
CVE-2025-64487 describes a privilege escalation vulnerability discovered in Outline, a collaborative documentation service. This flaw allows attackers to gain elevated privileges by exploiting inconsistencies in authorization checks within the user and group management endpoints. Versions of Outline prior to 1.1.0 are affected, and a patch is available in version 1.1.0.
An attacker exploiting this vulnerability could bypass authorization controls and gain administrative access to Outline instances. This could allow them to modify documents, manage users and groups, and potentially compromise the entire collaborative workspace. The impact is particularly severe as it allows for complete control over the document management system, potentially leading to data breaches, unauthorized modifications, and disruption of collaborative workflows. The ability to manipulate user and group permissions represents a significant security risk, especially in environments where sensitive information is shared within Outline.
This CVE was published on 2026-02-11. There is no indication of active exploitation or inclusion in the CISA KEV catalog at the time of writing. No public proof-of-concept exploits are currently known. The vulnerability's impact hinges on an attacker's ability to interact with the user and group management endpoints, making it potentially attractive to targeted attacks.
Organizations utilizing Outline for collaborative documentation, particularly those with shared user accounts or complex group structures, are at risk. Environments with legacy configurations or those lacking robust access control policies are especially vulnerable.
disclosure
Exploit-Status
EPSS
0.01% (2% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-64487 is to upgrade Outline to version 1.1.0 or later, which contains the necessary fixes. If an immediate upgrade is not feasible, consider implementing stricter access controls and regularly auditing user and group permissions to detect any unauthorized changes. While a direct workaround is not available, limiting the scope of user privileges and closely monitoring activity can help reduce the potential impact. After upgrading, confirm the fix by attempting to access administrative functions with a standard user account; access should be denied.
Aktualisieren Sie Outline auf Version 1.1.0 oder höher. Diese Version behebt die Privilege Escalation Vulnerability in der Dokumentenverwaltung. Das Update stellt sicher, dass die Autorisierungsprüfungen zwischen den Benutzer- und Gruppenverwaltungs-Endpunkten konsistent sind.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-64487 is a vulnerability in Outline versions prior to 1.1.0 that allows attackers to escalate privileges by exploiting inconsistent authorization checks in user and group management.
You are affected if you are using Outline version 1.0.1 or earlier. Upgrade to 1.1.0 to resolve the issue.
Upgrade Outline to version 1.1.0 or later. This version includes the necessary fixes to address the privilege escalation vulnerability.
There are currently no confirmed reports of active exploitation, but it's crucial to apply the patch proactively.
Refer to the official Outline security advisory for detailed information and updates regarding CVE-2025-64487.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.