Soft Serve is vulnerable to SSRF through its Webhooks

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Description

Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1 fixes the vulnerability.

AI Analysis

SSRF vulnerability in Soft Serve Git server through unvalidated webhook URLs

Basic Information

ID CVE-2025-64522

Source GitHub_M

Published Nov 10, 2025 at 22:11

Affected Product

Vendor charmbracelet

Product soft-serve

Version < 0.11.1

Affected Versions charmbracelet soft-serve < 0.11.1

CWE Classification

CWE-918

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Charmbracelet

Product Soft Serve

Version < 0.11.1

References

{
    "lastseen": "",
    "description": "Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1 fixes the vulnerability.",
    "published": "2025-11-10T22:11:18.863Z",
    "modified": "2025-11-10T22:11:18.863Z",
    "type": "cve",
    "title": "Soft Serve is vulnerable to SSRF through its Webhooks",
    "source": "GitHub_M",
    "references": "https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-vwq2-jx9q-9h9f\nhttps://github.com/charmbracelet/soft-serve/commit/bb73b9a0eea0d902da4811420535842a4f9aae3b\nhttps://github.com/charmbracelet/soft-serve/releases/tag/v0.11.1",
    "id": "CVE-2025-64522",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "charmbracelet soft-serve < 0.11.1",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "soft-serve",
    "version": "< 0.11.1",
    "vendor": "charmbracelet",
    "ai_description": "SSRF vulnerability in Soft Serve Git server through unvalidated webhook URLs",
    "ai_severity": "Critical",
    "ai_vendor": "Charmbracelet",
    "ai_product": "Soft Serve",
    "ai_version": "< 0.11.1",
    "ai_score": 9.1
}

Soft Serve is vulnerable to SSRF through its Webhooks_CVE-2025-64522