PT-2025-35656 · Outline · Outline

Tommoor · Published 2025-09-03 · Updated 2025-10-20 · CVE-2025-58351

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Outline versions 0.72.0 through 0.83.0

Description

Outline is a collaborative documentation service. The local file system storage feature present in versions 0.72.0 through 0.83.0 introduced a Content-Type bypass and a Content Security Policy (CSP) bypass. When Outline is self-hosted with FILE_STORAGE=local on the same domain as the Outline application, a malicious payload could be uploaded as a file attachment, bypassing CSP restrictions and enabling script execution within another user's context.

Recommendations

Update to version 0.84.0 or later.
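
A generic hardening pattern for the condition described above (user-uploaded attachments served from the application's own origin), shown as an added example; it is not Outline's code and not the 0.84.0 fix. The function names and the inline allowlist are assumptions made for illustration.

```javascript
// Added example (hypothetical helper, not Outline code): compute response
// headers for a user-uploaded attachment so that the client-declared
// Content-Type cannot turn the file into an active document on the app origin.

// Assumption: a conservative allowlist of types that may render inline.
// HTML, SVG, XML and anything unknown are always downloaded instead.
const INLINE_SAFE_TYPES = new Set([
  "image/png",
  "image/jpeg",
  "image/gif",
  "image/webp",
]);

// Drop parameters (e.g. "; charset=utf-8"), trim and lowercase the type.
function normaliseType(declared) {
  if (typeof declared !== "string") return "";
  return declared.split(";")[0].trim().toLowerCase();
}

// Content-Disposition with an ASCII fallback plus the RFC 5987 filename* form.
function contentDisposition(kind, filename) {
  // Keep only the final path component of whatever name was uploaded.
  const base = String(filename).replace(/^.*[\\\/]/, "") || "download";
  // Quotes, backslashes, percent signs and non-printable bytes become "_".
  const ascii = base.replace(/[^\x20-\x7e]|["\\%]/g, "_");
  const utf8 = encodeURIComponent(base).replace(
    /['()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase()
  );
  return `${kind}; filename="${ascii}"; filename*=UTF-8''${utf8}`;
}

function attachmentHeaders(filename, declaredType) {
  const type = normaliseType(declaredType);
  const inline = INLINE_SAFE_TYPES.has(type);
  return {
    // Never echo an unlisted declared type back to the browser.
    "Content-Type": inline ? type : "application/octet-stream",
    "Content-Disposition": contentDisposition(inline ? "inline" : "attachment", filename),
    // Stop the browser from sniffing a different type out of the body.
    "X-Content-Type-Options": "nosniff",
    // Per-response CSP: even if the file is rendered, it runs in a sandboxed,
    // unique origin with no script and no subresource loads.
    "Content-Security-Policy": "sandbox; default-src 'none'",
  };
}
```
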

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-58351
GHSA-GCJ7-C9JV-FHGF

Affected Products

Outline