Platform
go
Component
github.com/harness/gitness
Fixed in
3.3.1
3.3.0
1.0.4-gitspaces-beta.0.20250808064055-21c5ce42ae13
CVE-2025-58158 describes an Arbitrary File Access vulnerability discovered in Harness Gitness, a Git repository management platform. This flaw allows an attacker to write arbitrary files on the server, potentially leading to severe consequences such as code execution and complete system compromise. The vulnerability affects versions of Gitness prior to 1.0.4-gitspaces-beta.0.20250808064055-21c5ce42ae13, and a patch has been released to address the issue.
The Arbitrary File Access vulnerability in Harness Gitness poses a significant threat. An attacker could leverage this flaw to upload malicious files, such as web shells, to the server. Successful exploitation could grant the attacker remote code execution capabilities, allowing them to take complete control of the Gitness instance and potentially the underlying infrastructure. The attacker could also modify critical configuration files, leading to data breaches or denial of service. The ability to write arbitrary files bypasses standard security controls, making this a particularly dangerous vulnerability.
CVE-2025-58158 was publicly disclosed on 2025-09-17. As of this date, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. It is recommended to monitor security advisories and threat intelligence feeds for any signs of active exploitation. This vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.10% (27% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-58158 is to immediately upgrade to version 1.0.4-gitspaces-beta.0.20250808064055-21c5ce42ae13 or later. Before upgrading, it is crucial to review the release notes for any breaking changes and plan a rollback strategy if necessary. While a direct workaround isn't available, restricting file write permissions on the Gitness server can reduce the potential impact. Implement robust input validation and sanitization to prevent malicious file uploads. Monitor Gitness logs for any suspicious file creation or modification activities.
Actualice Harness a la versión 3.3.0 o superior. Esta versión contiene una corrección para la vulnerabilidad de escritura arbitraria de archivos en el servidor Gitness LFS. La actualización evitará que usuarios maliciosos escriban archivos en ubicaciones no autorizadas del sistema.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-58158 is a HIGH severity vulnerability in Harness Gitness that allows an attacker to write arbitrary files, potentially leading to code execution and system compromise. It affects versions before 1.0.4-gitspaces-beta.0.20250808064055-21c5ce42ae13.
You are affected if you are using Harness Gitness versions prior to 1.0.4-gitspaces-beta.0.20250808064055-21c5ce42ae13. Upgrade immediately to mitigate the risk.
Upgrade to version 1.0.4-gitspaces-beta.0.20250808064055-21c5ce42ae13 or later. Review release notes for breaking changes and plan a rollback strategy.
As of 2025-09-17, there are no publicly known active exploitation campaigns, but it's crucial to monitor for any emerging threats.
Refer to the official Harness security advisory for detailed information and updates: [https://www.harness.io/security/advisories](https://www.harness.io/security/advisories)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your go.mod file and we'll tell you instantly if you're affected.