{"id":71476,"date":"2025-09-05T01:49:52","date_gmt":"2025-09-05T01:49:52","guid":{"rendered":""},"modified":"2025-10-05T17:38:57","modified_gmt":"2025-10-05T23:38:57","slug":"cve-2025-58158-harness-open-source-git-lfs-server-vulnerability","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-58158-harness-open-source-git-lfs-server-vulnerability\/","title":{"rendered":"CVE-2025-58158: Harness Open Source Git LFS Server Vulnerability<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The cybersecurity community has recently discovered a significant vulnerability in the Harness Open Source end-to-end developer platform. Identified as CVE-2025-58158, this flaw affects the git LFS server (Gitness) component of the platform. Given the widespread use of this software by developers around the world, the vulnerability has serious implications for numerous systems<\/a> and applications.
\nThe importance of this vulnerability lies in its potential<\/a> for exploitation. A malicious, authenticated user with access to the Harness Gitness server<\/a> API can craft an upload request, allowing them to write an arbitrary file to any location on the file system. This could potentially compromise the server, leading to data leakage or even a full<\/a> system takeover.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-58158
\nSeverity: High (8.8 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: Required
\nImpact: System compromise<\/a>, data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n