Platform: other
Component: outline
Fixed in: 1.0.2
CVE-2025-64487 describes a privilege escalation vulnerability discovered in Outline, a collaborative documentation service. This flaw allows attackers to gain elevated privileges by exploiting inconsistencies in authorization checks within the user and group management endpoints. Versions of Outline prior to 1.1.0 are affected, and a patch is available in version 1.1.0.
Successful exploitation of CVE-2025-64487 could allow an attacker to gain unauthorized access to sensitive documents and control over the Outline instance. An attacker could potentially modify or delete documents, create or modify user accounts, and manipulate group memberships. This could lead to data breaches, denial of service, and complete compromise of the collaborative documentation environment. The blast radius extends to all users and data stored within the affected Outline instance.
The vulnerability was publicly disclosed on 2026-02-11. Currently, there are no known public proof-of-concept exploits available. The EPSS score is pending evaluation. It is not listed on the CISA KEV catalog at the time of this writing.
Exploit Status
EPSS: 0.01% (2nd percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2025-64487 is to upgrade Outline to version 1.1.0 or later, which contains the necessary authorization fixes. If an immediate upgrade is not possible, consider implementing stricter access controls and monitoring user activity for suspicious behavior. While a direct workaround isn't available, regularly reviewing user and group permissions can help identify and prevent unauthorized access. After upgrading, confirm the fix by attempting to manipulate user or group permissions with a low-privilege account; successful access indicates the vulnerability persists.
Update Outline to version 1.1.0 or higher. This version corrects the privilege escalation vulnerability in document management. The update ensures that authorization checks are consistent between user and group membership management endpoints.
CVE-2025-64487 is a vulnerability in Outline versions prior to 1.1.0 that allows attackers to escalate privileges by exploiting inconsistent authorization checks in user and group management.
You are affected if you are using Outline version 1.0.1 or earlier. Upgrade to 1.1.0 to resolve the issue.
Upgrade Outline to version 1.1.0 or later. This version includes the necessary fixes to address the privilege escalation vulnerability.
There are currently no confirmed reports of active exploitation, but it's crucial to apply the patch proactively.
Refer to the official Outline security advisory for detailed information and updates regarding CVE-2025-64487.