High severity7.5NVD Advisory· Published Sep 6, 2025· Updated Jun 17, 2026
CVE-2025-58445
CVE-2025-58445
Description
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/runatlantis/atlantisGo | <= 0.35.1 | — |
Affected products
8- osv-coords7 versionspkg:apk/chainguard/atlantispkg:apk/chainguard/atlantis-fipspkg:apk/wolfi/atlantispkg:golang/github.com/runatlantis/atlantispkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 0.36.0-r2+ 6 more
- (no CPE)range: < 0.36.0-r2
- (no CPE)range: < 0.36.0-r1
- (no CPE)range: < 0.36.0-r2
- (no CPE)range: <= 0.35.1
- (no CPE)range: < 0.0.20250918T182144-150000.1.107.1
- (no CPE)range: < 0.0.20250917T170349-1.1
- (no CPE)range: < 0.0.20250918T182144-150000.1.107.1
- runatlantis/atlantisv5Range: <= 0.35.1
Patches
Vulnerability mechanics
References
3- github.com/runatlantis/atlantis/security/advisories/GHSA-xh7v-965r-23f7nvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-xh7v-965r-23f7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-58445ghsaADVISORY
News mentions
0No linked articles in our index yet.