CVE-2025-55750
MEDIUM
Gitpod < main-gha.33628 - Authenticated OAuth Token Exposure via Bitbucket Redirect Flow
Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain conditions allowed a crafted link to expose a valid Bitbucket access token via the URL fragment when clicked by an authenticated user. This resulted from how Bitbucket returned tokens and how Gitpod handled the redirect flow. The issue was limited to Bitbucket (GitHub and GitLab integrations were not affected), required user interaction, and has been mitigated through redirect handling and OAuth logic hardening. The issue was resolved in main-gha.33628 and later. There are no workarounds.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/gitpod-io/gitpod/security/advisories/GHSA-63fw-3jgp-2p2g
Issue Tracking x_refsource_misc
https://github.com/gitpod-io/gitpod/pull/20983
Scores
CVSS v3
6.5
EPSS
0.0031
EPSS Percentile
22.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-201
Status
published
Products (2)
gitpod-io/gitpod
Gitpod Classic < main-gha.33628
gitpod-io/gitpod
Gitpod Classic Enterprise < main-gha.33628
Published
Aug 29, 2025
Tracked Since
Feb 18, 2026