CVE-2025-58445
CVE-2025-58445 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Runatlantis | Atlantis | <= 0.35.1 |
References
- https://github.com/runatlantis/atlantis/security/advisories/GHSA-xh7v-965r-23f7 (Exploit, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-58445?
An information disclosure vulnerability in Atlantis (versions <= 0.35.1): the /status endpoint publicly exposes detailed version information, which can help an attacker identify known vulnerabilities affecting the running version.
How severe is CVE-2025-58445?
Medium severity, rated 6.9/10 (CVSS 4.0); EPSS estimates a 0.43% chance of exploitation in the next 30 days.
How do I fix CVE-2025-58445?
No fix is currently available. Until one is released, restrict access to the /status endpoint to trusted clients rather than exposing it publicly.
Are you affected by CVE-2025-58445?
Source: NVD / NIST
