← Retour aux CVEs

CVE-2025-64522

CRITICAL

9.1

Description

Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1 fixes the vulnerability.

Details CVE

Score CVSS v3.19.1

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie11/10/2025

Derniere modification12/31/2025

Sourcenvd

Observations honeypot0

Produits affectes

charm:soft_serve

Faiblesses (CWE)

CWE-918

References

https://github.com/charmbracelet/soft-serve/commit/bb73b9a0eea0d902da4811420535842a4f9aae3b(security-advisories@github.com)

https://github.com/charmbracelet/soft-serve/releases/tag/v0.11.1(security-advisories@github.com)

https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-vwq2-jx9q-9h9f(security-advisories@github.com)

https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-vwq2-jx9q-9h9f(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.