Outline is vulnerable to privilege escalation vulnerability in document sharing

7.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Description

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in 1.1.0.

Basic Information

ID CVE-2025-64487

Source GitHub_M

Published Feb 11, 2026 at 20:25

Affected Product

Vendor outline

Product outline

Version <= 1.0.1

Affected Versions outline outline <= 1.0.1

CWE Classification

CWE-269

References

{
    "lastseen": "",
    "description": "Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in 1.1.0.",
    "published": "2026-02-11T20:25:41.719Z",
    "modified": "2026-02-11T20:25:41.719Z",
    "type": "cve",
    "title": "Outline is vulnerable to privilege escalation vulnerability in document sharing",
    "source": "GitHub_M",
    "references": "https://github.com/outline/outline/security/advisories/GHSA-c8xf-3j86-7686\nhttps://github.com/outline/outline/releases/tag/v1.1.0",
    "id": "CVE-2025-64487",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "outline outline <= 1.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "outline",
    "version": "<= 1.0.1",
    "vendor": "outline",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Outline is vulnerable to privilege escalation vulnerability in document sharing_CVE-2025-64487