CVE-2025-58355: Soft Serve vulnerable to arbitrary file writing through SSH API
Attackers can create/override arbitrary files with uncontrolled data.
For a PoC, spin up an instance of soft-serve as explained in the README, and execute the following command:
ssh -p23231 localhost repo commit icecream -- --output=/tmp/pwned
It should have created a file in /tmp/pwned
.
References
Code Behaviors & Features
Detect and mitigate CVE-2025-58355 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →