cvedb.io
CVE-2025-64494
MEDIUM · CVSS 4.6
EPSS exploitation probability: 0%
Published 2025-11-08T02:15:35.060 · Last modified 2026-06-17T09:54:27.610

Summary

Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data (e.g. names) and ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. This issue is fixed in version 0.10.0.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.