PT-2025-35649 · Unknown · Soft Serve

Msanft

Published

2025-09-02

Updated

2026-05-24

CVE-2025-58355

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Soft Serve versions prior to 0.10.0

Description Soft Serve is a self-hostable Git server for the command line. The SSH API allows attackers to create or override arbitrary files with uncontrolled data using the --output variable.

Recommendations Update to version 0.10.0.

Exploit

Fix

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2025-58355

GHSA-33PR-M977-5W97

GO-2025-3930

OPENSUSE-SU-2025:15538-1

SUSE-SU-2025:03289-1

Affected Products

Soft Serve

PT-2025-35649 · Unknown · Soft Serve

CVE-2025-58355

Weakness Enumeration

Related Identifiers

Affected Products

References · 48