Description

Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve and upload files via git LFS. Implementation of upload git LFS file api is vulnerable to arbitrary file write. Due to improper sanitization for upload path, a malicious authenticated user who has access to Harness Gitness server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromise the server. Users using git LFS are vulnerable. This issue has been patched in version 3.3.0.

INFO

Published Date :

2025-08-29T17:44:31.852Z

Last Modified :

2025-08-29T18:08:04.400Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58158 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58158.

URL Resource
https://github.com/harness/harness/commit/21c5ce42ae13740b1cad47706c2ec85e72cc8c20 cve-icon cve-icon
https://github.com/harness/harness/security/advisories/GHSA-w469-hj2f-jpr5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact