CVE-2025-64522 Overview
CVE-2025-64522 is a Server-Side Request Forgery (SSRF) vulnerability in Charm Soft Serve, a self-hostable Git server for the command line. Versions prior to 0.11.1 fail to validate webhook URLs configured by repository administrators. This allows authenticated administrators to register webhooks that point at internal services, private network ranges, and cloud metadata endpoints such as http://169.254.169.254/. The Soft Serve server then issues outbound HTTP requests to those targets on behalf of the attacker. The flaw is tracked under [CWE-918] and was fixed in version 0.11.1.
Critical Impact
Authenticated repository administrators can pivot Soft Serve into internal networks and exfiltrate cloud instance metadata, including IAM credentials, by directing webhook deliveries at restricted endpoints.
Affected Products
- Charm Soft Serve versions prior to 0.11.1
- Self-hosted Soft Serve Git server deployments
- Soft Serve instances running on cloud platforms (AWS, GCP, Azure) where the instance metadata service is reachable
Discovery Timeline
- 2025-11-10 - CVE-2025-64522 published to NVD
- 2025-12-31 - Last updated in NVD database
Technical Details for CVE-2025-64522
Vulnerability Analysis
Soft Serve allows repository administrators to register webhook URLs that are invoked when repository events occur. In versions prior to 0.11.1, the webhook creation path in pkg/backend/webhooks.go accepted any URL after basic sanitization and stored it directly in the datastore. When events fired, Soft Serve issued HTTP requests to the stored URL from the server-side context, with no allowlist or address filtering.
An attacker with administrator privileges on a repository can register webhooks pointing at loopback addresses, RFC1918 private ranges, link-local addresses, or cloud instance metadata services. Each triggered event causes Soft Serve to perform an authenticated outbound request to those targets and forward response handling internally. On AWS deployments, the IMDSv1 endpoint at 169.254.169.254 can be queried to retrieve IAM role credentials.
Root Cause
The root cause is missing destination validation on user-supplied webhook URLs. The webhook creation handler called utils.Sanitize(url) but did not check whether the resolved host belonged to a restricted address space. The fix introduces a webhook.ValidateWebhookURL(url) call that rejects internal, loopback, and metadata targets before persisting the webhook.
Attack Vector
Exploitation requires network access to the Soft Serve HTTP or SSH interface and repository administrator privileges. The attacker creates a webhook through the standard administrative interface, supplying an internal URL. Triggering any qualifying repository event then causes the server to dispatch the request, with scope change implied because the request is sent from the server's trust boundary into resources the attacker cannot reach directly.
// Security patch in pkg/backend/webhooks.go
datastore := store.FromContext(ctx)
url = utils.Sanitize(url)
// Validate webhook URL to prevent SSRF attacks
if err := webhook.ValidateWebhookURL(url); err != nil {
return err //nolint:wrapcheck
}
return dbx.TransactionContext(ctx, func(tx *db.Tx) error {
lastID, err := datastore.CreateWebhook(ctx, tx, repo.ID(), url, secret, int(contentType), active)
if err != nil {
// ...
}
})
Source: GitHub commit bb73b9a
Detection Methods for CVE-2025-64522
Indicators of Compromise
- Outbound HTTP requests from the Soft Serve process to 127.0.0.1, localhost, 169.254.169.254, or RFC1918 ranges
- Webhook entries in the Soft Serve datastore whose target host resolves to internal, loopback, or link-local addresses
- Unexpected access patterns against cloud instance metadata endpoints originating from the host running Soft Serve
- Soft Serve audit log entries showing webhook creation followed by repeated event-triggered deliveries to unusual hosts
Detection Strategies
- Audit the Soft Serve database table that stores webhook URLs and flag any host that is not a routable external domain
- Inspect process-level network telemetry on the Soft Serve host for connections initiated by the soft binary to private or metadata endpoints
- Correlate repository administrator account activity with new webhook registrations and subsequent outbound traffic spikes
Monitoring Recommendations
- Enable verbose logging on Soft Serve and forward webhook creation and delivery events to a centralized log platform for review
- Place an egress filter or proxy in front of Soft Serve and alert on requests destined for internal subnets or 169.254.169.254
- Review IAM role usage on the underlying cloud instance for credential calls that do not match expected Soft Serve workloads
How to Mitigate CVE-2025-64522
Immediate Actions Required
- Upgrade Soft Serve to version 0.11.1 or later, which adds ValidateWebhookURL enforcement on webhook creation
- Review all existing webhooks across repositories and delete any whose targets resolve to internal, loopback, or metadata addresses
- Rotate any cloud IAM credentials associated with the Soft Serve host if metadata access cannot be ruled out
- Restrict the set of accounts holding repository administrator privileges to reduce the abuse surface
Patch Information
The fix is delivered in Soft Serve v0.11.1 via commit bb73b9a0eea0d902da4811420535842a4f9aae3b. Details are published in GitHub Security Advisory GHSA-vwq2-jx9q-9h9f. The patch adds explicit URL validation to reject internal destinations before persistence.
Workarounds
- Deploy Soft Serve behind an egress proxy that blocks traffic to RFC1918, loopback, and link-local ranges
- Enforce IMDSv2 with hop-limit 1 on AWS deployments so the metadata service cannot be reached through a server-side proxy
- Limit administrator role assignments and audit webhook configurations regularly until the upgrade is applied
# Upgrade Soft Serve and verify version
go install github.com/charmbracelet/soft-serve/cmd/soft@v0.11.1
soft version
# Example AWS IMDSv2 enforcement on the Soft Serve EC2 instance
aws ec2 modify-instance-metadata-options \
--instance-id i-0123456789abcdef0 \
--http-tokens required \
--http-put-response-hop-limit 1 \
--http-endpoint enabled
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

