CVE-2025-10760 is a Server-Side Request Forgery (SSRF) vulnerability identified in Harness version 3.3.0, specifically within the LookupRepo function of the file app/api/controller/gitspace/lookup_repo.go. SSRF vulnerabilities occur when an attacker can manipulate server-side requests by controlling input parameters, in this case the 'url' argument, causing the server to make unintended HTTP requests. This flaw allows a remote attacker to craft malicious requests that the vulnerable Harness server will execute, potentially accessing internal resources or services that are otherwise inaccessible externally. The vulnerability does not require user interaction or authentication, making it easier to exploit remotely. The CVSS 4.0 base score is 5.3 (medium severity), reflecting the moderate impact on confidentiality, integrity, and availability, with low complexity and no privileges required. The vendor was notified but has not responded or issued a patch, and while no known exploits are currently active in the wild, proof-of-concept exploit code has been published, increasing the risk of exploitation. SSRF can be leveraged to scan internal networks, access metadata services, or pivot to other internal systems, potentially leading to data leakage or further compromise depending on the internal network architecture and protections in place.

For European organizations using Harness 3.3.0, this SSRF vulnerability poses a significant risk. Harness is a continuous delivery platform often integrated into DevOps pipelines, meaning compromised instances could allow attackers to access internal infrastructure, source code repositories, or cloud metadata endpoints. This could lead to unauthorized data access, disruption of deployment processes, or lateral movement within corporate networks. Given the remote exploitability without authentication, attackers could target exposed Harness instances directly over the internet. The lack of vendor response and patch availability increases exposure time. Organizations in Europe with sensitive intellectual property or critical infrastructure relying on Harness for deployment automation could face operational disruptions and data breaches. The impact is heightened in environments where network segmentation or egress filtering is weak, allowing SSRF to reach sensitive internal services. Additionally, compliance with GDPR and other data protection regulations means that exploitation could result in regulatory penalties and reputational damage.

Immediate mitigation steps include restricting network access to Harness instances, ensuring they are not publicly accessible unless absolutely necessary. Implement strict egress filtering on the network to limit outbound requests from the Harness server to only trusted destinations, preventing SSRF from reaching internal or cloud metadata services. Employ web application firewalls (WAFs) with rules tuned to detect and block SSRF patterns targeting the 'url' parameter in the LookupRepo function. Monitor logs for unusual outbound requests originating from Harness servers. If possible, disable or restrict the LookupRepo functionality until a vendor patch is available. Conduct internal code reviews or penetration tests to identify other potential SSRF vectors. Organizations should also consider deploying runtime application self-protection (RASP) solutions to detect and block SSRF attempts in real time. Finally, maintain an inventory of all Harness instances and upgrade to patched versions promptly once available, or apply vendor-provided workarounds if released.