How to fix CVE-2025-64487?

Within 24 hours: Audit current Outline deployment version and identify all instances running versions prior to 1.1.0; restrict Outline access to essential personnel only and review recent user/group membership changes for unauthorized modifications. Within 7 days: Implement network segmentation to limit Outline access to specific user groups; monitor all group and membership management activities with enhanced logging; prepare communications to stakeholders about exposure. Within 30 days: Upgrade to Outline 1.1.0 or later as soon as available; conduct full access review and audit of administrative roles; implement principle of least privilege for all Outline users.

Is Outline affected by CVE-2025-64487?

A privilege escalation vulnerability in Outline document management system (CVE-2025-64487) could allow authenticated users to gain unauthorized administrative access through inconsistent authorization checks.

CVE-2025-64487

HIGH

2026-02-11 [email protected]

7.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 11, 2026 - 21:16 nvd

HIGH 7.6

Description

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in 1.1.0.

Analysis

Technical Context

Classified as CWE-269 (Improper Privilege Management). Affects Outline. Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in 1.1.0.

Affected Products

Vendor: Getoutline. Product: Outline. Versions: up to 1.1.0.

Remediation

Fixed in version 1.1.0.. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

CVE-2025-64487 vulnerability details – vuln.today

Back

CVE-2025-64487

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-64487

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code