Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optional file storage strategy. This feature allowed a CSP bypass as well as a ContentType bypass that might facilitate further attacks. In the case of self-hosting and using Outline FILE_STORAGE=local on the same domain as the Outline application, a malicious payload can be uploaded as a file attachment and bypass those CSP restrictions, allowing script execution within the context of another user. This is fixed in version 0.84.0.
History

Wed, 03 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Getoutline
Getoutline outline
Vendors & Products Getoutline
Getoutline outline

Wed, 03 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 03:45:00 +0000

Type Values Removed Values Added
Description Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optional file storage strategy. This feature allowed a CSP bypass as well as a ContentType bypass that might facilitate further attacks. In the case of self-hosting and using Outline FILE_STORAGE=local on the same domain as the Outline application, a malicious payload can be uploaded as a file attachment and bypass those CSP restrictions, allowing script execution within the context of another user. This is fixed in version 0.84.0.
Title Outline's Local File Storage Feature can Cause CSP Bypass
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-09-03T15:44:28.350Z

Reserved: 2025-08-29T16:19:59.009Z

Link: CVE-2025-58351

cve-icon Vulnrichment

Updated: 2025-09-03T13:47:01.116Z

cve-icon NVD

Status : Received

Published: 2025-09-03T04:16:05.803

Modified: 2025-09-03T04:16:05.803

Link: CVE-2025-58351

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-03T20:27:08Z