PT-2025-36399 · Atlantis · Atlantis

Matthewmrichter

Published

2025-09-05

Updated

2025-09-22

CVE-2025-58445

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Atlantis (affected versions not specified)

Description Atlantis, a self-hosted golang application that listens for Terraform pull request events via webhooks, exposes detailed version information through the /status endpoint. This information disclosure could allow attackers to identify and target known issues associated with specific versions, potentially compromising the service's security.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-58445

GHSA-XH7V-965R-23F7

GO-2025-3940

OPENSUSE-SU-2025:15564-1

SUSE-SU-2025:03289-1

Affected Products

Atlantis

PT-2025-36399 · Atlantis · Atlantis

CVE-2025-58445

Weakness Enumeration

Related Identifiers

Affected Products

References · 49