CVE-2025-10761: Improper Restriction of Excessive Authentication Attempts in Harness
A vulnerability has been found in Harness 3.3.0. Affected is an unknown function of the file /api/v1/login of the component Login Endpoint. The manipulation leads to improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack is considered to have high complexity, and exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-10761 is a vulnerability identified in Harness version 3.3.0 affecting the login endpoint (/api/v1/login). The core issue is an improper restriction of excessive authentication attempts, which means the system does not adequately limit the number of login attempts an attacker can make. This flaw can be exploited remotely without requiring authentication or user interaction, although the attack complexity is high and exploitability is considered difficult. The vulnerability allows an attacker to perform brute-force or credential stuffing attacks more effectively, potentially leading to unauthorized access if valid credentials are guessed or obtained. The vulnerability has been publicly disclosed, but no patch or vendor response has been provided yet. The CVSS 4.0 base score is 6.3 (medium severity), reflecting network attack vector, high attack complexity, no privileges or user interaction required, and low impact on confidentiality, integrity, and availability. The lack of proper throttling or lockout mechanisms on the login API endpoint is the root cause, which can facilitate automated attacks against user accounts. Although no known exploits are currently in the wild, the public disclosure increases the risk of exploitation attempts. This vulnerability is particularly relevant for organizations relying on Harness 3.3.0 for CI/CD or deployment automation, as compromised credentials could lead to unauthorized access to critical infrastructure or deployment pipelines.
Potential Impact
For European organizations using Harness 3.3.0, this vulnerability poses a risk of unauthorized access through brute-force attacks on the login endpoint. Successful exploitation could allow attackers to gain access to deployment pipelines or automation workflows, potentially leading to unauthorized code deployments, data leakage, or disruption of services. Given the medium severity and high complexity, the immediate risk is moderate but could escalate if combined with other vulnerabilities or weak credential hygiene. Organizations in sectors with high regulatory requirements (e.g., finance, healthcare, critical infrastructure) could face compliance issues or reputational damage if breaches occur. The lack of vendor response and patch availability increases the window of exposure, emphasizing the need for proactive mitigation. Additionally, the remote and unauthenticated nature of the attack vector means that attackers do not need prior access, increasing the threat surface. However, the low impact on confidentiality, integrity, and availability as per CVSS suggests that the vulnerability alone may not lead to full system compromise but could be a stepping stone for further attacks.
Mitigation Recommendations
1. Implement external rate limiting and account lockout policies on the login endpoint to restrict excessive authentication attempts.
2. Deploy Web Application Firewalls (WAFs) with rules to detect and block brute-force patterns targeting /api/v1/login.
3. Enforce strong password policies and encourage multi-factor authentication (MFA) for all user accounts to reduce the risk of credential compromise.
4. Monitor authentication logs for unusual patterns indicative of brute-force or credential stuffing attacks.
5. Isolate or segment the Harness deployment environment to limit lateral movement in case of account compromise.
6. Regularly update and patch Harness once a vendor fix is released; meanwhile, consider upgrading to a non-affected version if available.
7. Conduct security awareness training for users on credential security and phishing risks.
8. If possible, restrict login API access by IP whitelisting or VPN to reduce exposure.
9. Employ anomaly detection systems to alert on abnormal login behaviors.
These steps go beyond generic advice by focusing on compensating controls and monitoring strategies until an official patch is available.
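Recommendations 1 and 4 above describe compensating controls that an operator can apply outside the product: throttling and lockout in front of the login endpoint, and log monitoring for brute-force and credential-stuffing patterns. The following is an added example written for this page, not Harness code and not a vendor fix. It assumes a reverse proxy or middleware that can consult a `LoginThrottle` before forwarding a request to /api/v1/login, and an authentication log in a constructed `ip=... user=... path=... result=...` key-value format; the thresholds, field names and sample log lines are all assumptions chosen for illustration.

```python
"""Compensating controls for an unthrottled login endpoint (added example)."""
import re
from collections import defaultdict, deque

LOGIN_PATH = "/api/v1/login"  # the endpoint named in the advisory


class LoginThrottle:
    """Sliding-window per-IP throttle plus per-account lockout.

    Meant to run in a proxy/middleware in front of the login endpoint so that
    excess attempts are rejected before they reach the backend. Thresholds
    are illustrative assumptions, not values taken from the advisory.
    """

    def __init__(self, ip_limit=20, window_s=60.0, lockout_after=5, lockout_s=900.0):
        self.ip_limit = ip_limit            # failed attempts allowed per IP per window
        self.window_s = window_s            # sliding window length in seconds
        self.lockout_after = lockout_after  # consecutive failures before account lockout
        self.lockout_s = lockout_s          # lockout duration in seconds
        self._ip_fail = defaultdict(deque)  # ip -> timestamps of recent failures
        self._acct_fail = defaultdict(int)  # user -> consecutive failures
        self._locked_until = {}             # user -> time at which lockout ends

    def allow(self, ip, user, now):
        """Decide before forwarding: 'ok', 'ip_throttled' or 'account_locked'."""
        if self._locked_until.get(user, 0.0) > now:
            return "account_locked"
        q = self._ip_fail[ip]
        while q and now - q[0] > self.window_s:  # drop failures outside the window
            q.popleft()
        if len(q) >= self.ip_limit:
            return "ip_throttled"
        return "ok"

    def record(self, ip, user, success, now):
        """Update counters once the backend has answered a forwarded attempt."""
        if success:
            self._acct_fail[user] = 0
            return
        self._ip_fail[ip].append(now)
        self._acct_fail[user] += 1
        if self._acct_fail[user] >= self.lockout_after:
            self._locked_until[user] = now + self.lockout_s
            self._acct_fail[user] = 0


# Assumed (constructed) log format: "<ts> ip=<ip> user=<user> path=<path> result=<success|failure>"
LOG_RE = re.compile(r"ip=(?P<ip>\S+) user=(?P<user>\S+) path=(?P<path>\S+) result=(?P<result>\S+)")


def detect_attack_patterns(lines, per_user_fail=10, users_per_ip=5):
    """Flag brute force (many failures against one account) and credential
    stuffing (one source failing against many accounts) in login log lines.
    Returns a sorted list of (kind, subject, count) findings."""
    fails_per_user = defaultdict(int)
    users_per_source = defaultdict(set)
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["path"] != LOGIN_PATH or m["result"] != "failure":
            continue  # only failed attempts on the login endpoint count
        fails_per_user[m["user"]] += 1
        users_per_source[m["ip"]].add(m["user"])
    findings = []
    for user, n in sorted(fails_per_user.items()):
        if n >= per_user_fail:
            findings.append(("brute_force", user, n))
    for ip, users in sorted(users_per_source.items()):
        if len(users) >= users_per_ip:
            findings.append(("credential_stuffing", ip, len(users)))
    return findings


# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = (
    [f"2025-09-21T03:17:{s:02d}Z ip=203.0.113.7 user=alice path={LOGIN_PATH} result=failure"
     for s in range(12)]                       # one account hammered from one source
    + [f"2025-09-21T03:18:{s:02d}Z ip=198.51.100.9 user=user{s} path={LOGIN_PATH} result=failure"
       for s in range(6)]                      # one source, one failure per account
    + [f"2025-09-21T03:19:00Z ip=192.0.2.5 user=bob path={LOGIN_PATH} result=failure",
       f"2025-09-21T03:19:05Z ip=192.0.2.5 user=bob path={LOGIN_PATH} result=success",
       "2025-09-21T03:19:10Z ip=192.0.2.5 user=carol path=/api/v1/projects result=failure"]
)


def demo_throttle():
    """Six wrong passwords for one account: the sixth is rejected by the throttle."""
    t = LoginThrottle(lockout_after=5)
    decisions = []
    for i in range(6):
        decision = t.allow("203.0.113.7", "alice", float(i))
        decisions.append(decision)
        if decision == "ok":
            t.record("203.0.113.7", "alice", success=False, now=float(i))
    return decisions


if __name__ == "__main__":
    print(demo_throttle())
    for finding in detect_attack_patterns(SAMPLE_LOG):
        print(finding)
```

The throttle counts only failures per source IP so that a busy shared egress address with mostly successful logins is not penalised, while the account lockout is what actually stops a sustained guess against one user. The detector reads the same kind of events after the fact and separates the two patterns the recommendations name: a high failure count on one account versus one source spreading single failures across many accounts. Feeding the `LoginThrottle` from the proxy's access log rather than the application is what makes this usable while the product itself lacks the control.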
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-20T07:05:11.193Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68cf6e624a0b186b932318d7
Added to database: 9/21/2025, 3:17:54 AM
Last enriched: 9/21/2025, 3:32:57 AM
Last updated: 9/21/2025, 3:32:57 AM
Related Threats
- CVE-2025-10760: Server-Side Request Forgery in Harness (Medium)
- CVE-2025-10759: Authorization Bypass in Webkul QloApps (Medium)
- CVE-2025-10758: Cross Site Scripting in htmly (Medium)
- CVE-2025-9949: CWE-352 Cross-Site Request Forgery (CSRF) in webraketen Internal Links Manager (Medium)
- CVE-2025-10489: CWE-862 Missing Authorization in brainstormforce SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more (Medium)