CVE-2025-54583
MEDIUMfinos/gitproxy < 1.19.2 - Incorrect Authorization via Policy Bypass
Title source: llmDescription
GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. This is fixed in version 1.19.2.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/finos/git-proxy/security/advisories/GHSA-qr93-8wwf-22g4
Patch x_refsource_misc
https://github.com/finos/git-proxy/commit/a620a2f33c39c78e01783a274580bf822af3cc3a
Patch x_refsource_misc
https://github.com/finos/git-proxy/commit/bd2ecb2099cba21bca3941ee4d655d2eb887b3a9
Patch, Release Notes x_refsource_misc
https://github.com/finos/git-proxy/releases/tag/v1.19.2
Scores
CVSS v3
6.5
EPSS
0.0042
EPSS Percentile
33.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (2)
finos/git-proxy
0 - 1.19.2npm
finos/gitproxy
< 1.19.2
Published
Jul 30, 2025
Tracked Since
Feb 18, 2026