What is the CVSS score of CVE-2025-64487?

CVE-2025-64487 has a CVSS 3.1 base score of 7.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Outline are affected by CVE-2025-64487?

A privilege escalation vulnerability in Outline document management system (CVE-2025-64487) could allow authenticated users to gain unauthorized administrative access through inconsistent…

How to fix or mitigate CVE-2025-64487?

Within 24 hours: Audit current Outline deployment version and identify all instances running versions prior to 1.1.0; restrict Outline access to essential personnel only and review recent user/group membership changes for unauthorized modifications. Within 7 days: Implement network segmentation to limit Outline access to specific user groups; monitor all group and membership management activities with enhanced logging; prepare communications to stakeholders about exposure. Within 30 days: Upgrade to Outline 1.1.0 or later as soon as available; conduct full access review and audit of administrative roles; implement principle of least privilege for all Outline users.

Outline CVE-2025-64487

HIGH

Improper Privilege Management (CWE-269)

2026-02-11 security-advisories@github.com

Privilege Escalation Outline

7.6

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.6 HIGH

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 11, 2026 - 21:16 nvd

HIGH 7.6

DescriptionGitHub Advisory

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in 1.1.0.

Articles & Coverage 1

github.blog GitHub Security Lab AI Framework Discovers 80+ Vulnerabilities Including CVE-2025-64487 Mar 06, 2026

AnalysisAI

Technical ContextAI

Classified as CWE-269 (Improper Privilege Management). Affects Outline. Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in 1.1.0.

RemediationAI

Fixed in version 1.1.0.. Restrict network access to the affected service where possible.

CVE-2025-64487 vulnerability details – vuln.today

Back