Security Advisory

CVE-2025-64522

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-10 22:11:18

Last updated 2025-11-12 20:13:12

Assigner GitHub_M

State PUBLISHED

Description

Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1 fixes the vulnerability.

← Browse all CVEs View on cve.org ↗