CVE-2025-58445 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-58445 PUBLISHED CVSS 6.900000095367432 MEDIUM

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.

EPSS 0.07% · 20.4th percentile

Risk Scores

CVSS v4.0

6.900000095367432

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.07%

20.4th percentile

Affected Products

Vendor	Product	Versions
runatlantis	atlantis	<= 0.35.1, 0
github.com	runatlantis/atlantis	0

Timeline

Jan 21, 1970 Security Advisory
Sep 5, 2025 CVE Published
Sep 6, 2025 Coalition ESS Score
Sep 6, 2025 PoC Published
Sep 7, 2025 EPSS Score
Sep 8, 2025 Coalition ESS Score
Sep 8, 2025 Coalition ESS Score
Sep 10, 2025 Coalition ESS Score
Sep 13, 2025 CVE Updated
Sep 14, 2025 EPSS Score
Sep 21, 2025 EPSS Score
Sep 28, 2025 EPSS Score

References

Open in Interactive Console →