Octopus Deploy Server

by Octopus Deploy Pty. Ltd.v2025.3.14327

Last updated Jun 8, 2026

Octopus Deploy makes it easy to automate your deployments and operations runbooks from a single place, helping you ship code faster, improve reliability, and break down dev & ops silos.

Visit homepage

Install with winget

$ winget install --id OctopusDeploy.Server --exact --version 2025.3.14327

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Octopus Deploy Server

Octopus Deploy Server uses MSI (WiX). The silent install switches are /quiet /norestart.

One-line silent install (x64, machine scope)

msiexec.exe /i Octopus.2025.3.14327-x64.msi /quiet /norestart

See the full silent install reference for Octopus Deploy Server →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v2025.3.14327

Architecture	Type	Scope	Install	Download
x64	MSI WiX	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

25 known CVEs via NVD

medium4.3Fix in v2025.3.14731CVE-2026-3237affects before 2025.3.14731, 2025.4.10359, 2026.1.5571Mar 16, 2026
In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing k...
Vendor advisory
medium4.3Fix in v2025.3.14761CVE-2026-3236affects before 2025.3.14761, 2025.4.10409Mar 5, 2026
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.
Vendor advisory
critical9.1Fix in v2025.3.14715CVE-2026-0704affects before 2025.3.14715Feb 25, 2026
In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.
Vendor advisory
high8.8Patched in wingetCVE-2025-0539affects before 2024.3.13071, 2024.4.7065Apr 9, 2025
In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastruc...
Vendor advisory
medium4.9Patched in wingetCVE-2025-0588affects before 2024.3.13097, 2024.4.7091Feb 11, 2025
In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. By submitting a specifically crafted referrer header the user could ensure that all subsequent server responses would return 500 errors renderi...
Vendor advisory
medium5.4Patched in wingetCVE-2025-0526affects before 2024.3.13097, 2024.4.7091Feb 11, 2025
In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows.
Vendor advisory
medium5.4Patched in wingetCVE-2025-0513affects before 2024.3.12985, 2024.4.6962Feb 11, 2025
In affected versions of Octopus Server error messages were handled unsafely on the error page. If an adversary could control any part of the error message they could embed code which may impact the user viewing the error message.
high7.5Patched in wingetCVE-2025-0525affects before 2024.3.13007, 2024.4.6995Feb 10, 2025
In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. This could provide an adversary with information that may aid in further attacks against the server.

Showing 8 of 25. Source: NVD, updated 5h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

O
Octopus CLIOctopus Deploy Pty. Ltd.
OctopusDeploy.Cliv2.20.1
Work seamlessly with Octopus Deploy from the command line.
Octopus Deploy TentacleOctopus Deploy Pty. Ltd.
OctopusDeploy.Tentaclev8.3.3164
Tentacle is the deployment agent for Octopus, a deployment system for .NET developers.
Microsoft .NET Windows Desktop Runtime 8.0Microsoft Corporation
Microsoft.DotNet.DesktopRuntime.8v8.0.28
.NET is a free, cross-platform, open-source developer platform for building many different types of applications.
Microsoft .NET Windows Desktop Runtime 10.0Microsoft Corporation
Microsoft.DotNet.DesktopRuntime.10v10.0.9
.NET is a free, cross-platform, open-source developer platform for building many different types of applications.
Microsoft .NET SDK 10.0Microsoft Corporation
Microsoft.DotNet.SDK.10v10.0.109
.NET is a free, cross-platform, open-source developer platform for building many different types of applications.
Microsoft .NET Windows Desktop Runtime 6.0Microsoft Corporation
Microsoft.DotNet.DesktopRuntime.6v6.0.36
.NET is a free, cross-platform, open-source developer platform for building many different types of applications.

More from Octopus Deploy Pty. Ltd. or browse build, deploy, devops.

Frequently asked questions

How do I install Octopus Deploy Server on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id OctopusDeploy.Server --exact --version 2025.3.14327. winget downloads the installer from Octopus Deploy Pty. Ltd. and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Octopus Deploy Server silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id OctopusDeploy.Server --exact 2025.3.14327 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Octopus Deploy Server?

Octopus Deploy Server uses MSI (WiX). Run the downloaded installer with: msiexec.exe /i Octopus.2025.3.14327-x64.msi /quiet /norestart. The silent switches are /quiet /norestart.

How do I uninstall Octopus Deploy Server via winget?

Run: winget uninstall --id OctopusDeploy.Server --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Octopus Deploy Server's Apps & Features entry.

Is Octopus Deploy Server free?

Octopus Deploy Server is distributed under Proprietary. Refer to the publisher (https://octopus.com/downloads) for the full license terms - Wingetly itself does not charge for installation.

Does Octopus Deploy Server work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Octopus Deploy Server directly from the publisher.

How do I keep Octopus Deploy Server up to date?

Run winget upgrade --id OctopusDeploy.Server --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Octopus Deploy Server from microsoft/winget-pkgs.

Recent versions

2025.3.14327latest
2025.3.14320
2025.3.14311
2025.3.14302
2025.3.14292
2025.3.14287
2025.3.14283
2025.3.14271
2025.2.13082
2025.2.13071