Description

Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1 fixes the vulnerability.

INFO

Published Date :

2025-11-10T22:11:18.863Z

Last Modified :

2025-11-12T20:13:12.894Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64522 vulnerability.

Vendors Products
Charm
  • Soft Serve
Charmbracelet
  • Soft-serve
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64522.

URL Resource
https://github.com/charmbracelet/soft-serve/commit/bb73b9a0eea0d902da4811420535842a4f9aae3b cve-icon cve-icon
https://github.com/charmbracelet/soft-serve/releases/tag/v0.11.1 cve-icon cve-icon
https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-vwq2-jx9q-9h9f cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact