CVE-2025-58351 MEDIUM

CVE-2025-58351: Outline's Local File Storage Feature can Cause CSP Bypass

Vendor Outline
Product outline
Weakness CWE-79 · XSS
Published September 3, 2025
Last update September 3, 2025

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature that provides local file system storage as an optional file storage strategy. This feature allowed a CSP bypass as well as a Content-Type bypass that might facilitate further attacks. When Outline is self-hosted with FILE_STORAGE=local on the same domain as the Outline application, a malicious payload can be uploaded as a file attachment and bypass the CSP restrictions, allowing script execution within the context of another user. This is fixed in version 0.84.0.

Key dates

02 Disclosure timeline

September 3, 2025 CVE published
September 3, 2025 Record updated