Home > Vulnerability Database > CVE-2025-58445

Mend.io Vulnerability Database

CVE-2025-58445

Good to know:

Date: September 6, 2025

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.

Severity Score

8.6

Related Resources (4)

Url: https://github.com/runatlantis/atlantis/security/advisories/GHSA-xh7v-965r-23f7

Url: https://github.com/runatlantis/atlantis

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-58445

Url: https://www.mend.io/vulnerability-database/CVE-2025-58445

Severity Score

8.6

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-58445

Good to know:

Date: September 6, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?