CVE-2025-68663
Undergoing Analysis Undergoing Analysis - In Progress
WebSocket Authentication Bypass in Outline Allows Unauthorized Access

Publication date: 2026-02-11

Last updated on: 2026-02-20

Assigner: GitHub, Inc.

Description
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue receiving sensitive operational updates after their account has been suspended. This vulnerability is fixed in 1.1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-20
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-68663
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
getoutline outline to 1.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can impact you by allowing suspended users to continue accessing real-time WebSocket connections.

Such users can receive sensitive operational updates, including the contents of modified documents, which may lead to unauthorized information disclosure.

Compliance Impact

I don't know

Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-68663 is a high-severity vulnerability in Outline's WebSocket authentication mechanism affecting versions up to and including v1.0.1."}, {'type': 'paragraph', 'content': 'The flaw allows suspended users to bypass authentication controls and maintain or establish real-time WebSocket connections despite their account suspension.'}, {'type': 'paragraph', 'content': 'As a result, these users can continue receiving sensitive operational updates, including the contents of modified documents.'}, {'type': 'paragraph', 'content': 'This vulnerability is classified under CWE-287 (Improper Authentication), where the system fails to adequately verify the identity claims of users.'}, {'type': 'paragraph', 'content': 'The issue was fixed in Outline version 1.1.0.'}] [1]

Detection Guidance

This vulnerability involves suspended users maintaining or establishing WebSocket connections despite account suspension, which indicates improper authentication in the WebSocket mechanism.

To detect this on your network or system, you can monitor WebSocket connections for active sessions from suspended user accounts.

Suggested commands include inspecting WebSocket traffic and user session states, for example using network monitoring tools like tcpdump or Wireshark to filter WebSocket traffic, or querying your application logs for WebSocket connection attempts from suspended users.

  • Use tcpdump to capture WebSocket traffic: tcpdump -i <interface> -w websocket_traffic.pcap port 80 or port 443
  • Analyze captured traffic with Wireshark to identify WebSocket connections from suspended user IPs or sessions.
  • Check application logs for WebSocket authentication events related to suspended accounts.
Mitigation Strategies

The primary mitigation step is to upgrade Outline to version 1.1.0 or later, where this vulnerability has been fixed.

Until the upgrade can be applied, consider temporarily disabling WebSocket connections for suspended users or implementing additional access controls to prevent suspended accounts from establishing or maintaining WebSocket connections.

Review and audit user suspension processes to ensure suspended users lose all real-time access immediately.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68663. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart