CVE-2025-22130 — HIGH (8.8)

Q: How severe is CVE-2025-22130?

CVE-2025-22130 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-22130?

Check the references section above for vendor advisories and patch information. Affected products include: Charm Soft Serve.

Vulnerability Description

Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without explicitly giving them permissions. This is patched in v0.8.2.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Charm	Soft Serve	< 0.8.2

Related Weaknesses (CWE)

CWE-22

References

https://github.com/charmbracelet/soft-serve/commit/a8d1bf3f9349c138383b65079b7b8Patch
https://github.com/charmbracelet/soft-serve/releases/tag/v0.8.2Release Notes
https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-j4jw-m6xr-fPatchVendor Advisory

FAQ

What is CVE-2025-22130?

CVE-2025-22130 is a vulnerability with a CVSS score of 8.8 (HIGH). Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious u...

How severe is CVE-2025-22130?

CVE-2025-22130 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-22130?

Check the references section above for vendor advisories and patch information. Affected products include: Charm Soft Serve.