{"id":"CVE-2025-58351","summary":"Outline's Local File Storage Feature can Cause CSP Bypass","details":"Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optional file storage strategy. This feature allowed a CSP bypass as well as a ContentType bypass that might facilitate further attacks. In the case of self-hosting and using Outline FILE_STORAGE=local on the same domain as the Outline application, a malicious payload can be uploaded as a file attachment and bypass those CSP restrictions, allowing script execution within the context of another user. This is fixed in version 0.84.0.","aliases":["GHSA-gcj7-c9jv-fhgf"],"modified":"2026-04-10T05:31:26.130009Z","published":"2025-09-03T03:20:54.579Z","database_specific":{"cwe_ids":["CWE-79"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58351.json"},"references":[{"type":"WEB","url":"https://github.com/outline/outline/releases/tag/v0.84.0"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58351.json"},{"type":"ADVISORY","url":"https://github.com/outline/outline/security/advisories/GHSA-gcj7-c9jv-fhgf"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58351"},{"type":"FIX","url":"https://github.com/outline/outline/commit/18bc93c9c207329244c6909606a2393e863892a3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/outline/outline","events":[{"introduced":"56cae8a54563c0cd3b2dd28d64baa184a45c490f"},{"fixed":"8ab0c6ff484f02b5d97e130b20376a17dd4546cc"}]}],"versions":["v0.72.0","v0.73.0","v0.73.1","v0.75.0","v0.75.1","v0.75.2","v0.76.0","v0.76.0-0","v0.76.0-1","v0.76.0-2","v0.76.1","v0.76.2-0","v0.77.0","v0.77.1","v0.78.0-0","v0.79.0","v0.79.1","v0.80.0","v0.80.1","v0.80.2","v0.82.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58351.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"}]}