← Back to CVEs
CVE-2025-58445
HIGH7.5
Description
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published9/6/2025
Last Modified9/10/2025
Sourcenvd
Honeypot Sightings0
Affected Products
runatlantis:atlantis
Weaknesses (CWE)
CWE-200
References
https://github.com/runatlantis/atlantis/security/advisories/GHSA-xh7v-965r-23f7(security-advisories@github.com)
https://github.com/runatlantis/atlantis/security/advisories/GHSA-xh7v-965r-23f7(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.