CVE-2025-54583: GitProxy Approval Bypass When Pushing Multiple Branches
This vulnerability allows a user to push to the remote repository while bypassing policies and explicit approval. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository.
Because it can allow policy violations to go undetected, we classify this as a High impact vulnerability.
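The check below is an added example in JavaScript (GitProxy is a Node.js project), not GitProxy's own code: it parses the ref-update commands at the start of a git push and refuses any push that touches more than one ref, so a second branch cannot ride along with the one that was reviewed. The one-ref-per-push policy and the sample pushes are assumptions constructed for illustration.

```javascript
// Added example, not GitProxy's code. Pkt-line layout per the git pack protocol:
// a 4-hex-digit length (which counts the prefix itself), then
// "<old-oid> <new-oid> <refname>", an optional "\0capabilities" on the first
// command, and a "0000" flush-pkt closing the command list before the packfile.
function parsePushCommands(buf) {
  const commands = [];
  let offset = 0;
  while (offset + 4 <= buf.length) {
    const len = parseInt(buf.toString('latin1', offset, offset + 4), 16);
    if (Number.isNaN(len)) throw new Error(`bad pkt-line length at ${offset}`);
    if (len === 0) break; // flush-pkt: no more ref-update commands
    if (len < 4 || offset + len > buf.length) throw new Error('truncated pkt-line');
    const raw = buf.toString('utf8', offset + 4, offset + len);
    offset += len;
    const line = raw.split('\0')[0].replace(/\n$/, ''); // drop capabilities / newline
    const m = /^([0-9a-f]{40}) ([0-9a-f]{40}) (refs\/\S+)$/.exec(line);
    if (!m) throw new Error(`malformed ref-update command: ${JSON.stringify(line)}`);
    commands.push({ oldOid: m[1], newOid: m[2], ref: m[3] });
  }
  return commands;
}

// Policy hook (assumed design): every ref in the push is reported, and a push
// updating more than one ref is refused instead of being approved on the
// strength of a single reviewed branch.
function evaluatePush(buf) {
  const commands = parsePushCommands(buf);
  const refs = commands.map((c) => c.ref);
  if (refs.length === 0) return { allowed: false, reason: 'no ref updates', refs };
  if (refs.length > 1) {
    return { allowed: false, reason: `push updates ${refs.length} refs; one ref per approval`, refs };
  }
  return { allowed: true, reason: 'single ref, eligible for approval', refs };
}

// Constructed sample pushes (not captured traffic).
function pkt(payload) { return (payload.length + 4).toString(16).padStart(4, '0') + payload; }
const ZERO = '0'.repeat(40), A = 'a'.repeat(40), B = 'b'.repeat(40);
const singlePush = Buffer.from(
  pkt(`${ZERO} ${A} refs/heads/feature\0report-status\n`) + '0000', 'latin1');
const multiPush = Buffer.from(
  pkt(`${ZERO} ${A} refs/heads/feature\0report-status\n`) +
  pkt(`${ZERO} ${B} refs/heads/sneaky\n`) + '0000', 'latin1');

console.log(evaluatePush(singlePush).allowed, evaluatePush(multiPush).allowed); // true false
```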
References
- github.com/advisories/GHSA-qr93-8wwf-22g4
- github.com/finos/git-proxy
- github.com/finos/git-proxy/commit/a620a2f33c39c78e01783a274580bf822af3cc3a
- github.com/finos/git-proxy/commit/bd2ecb2099cba21bca3941ee4d655d2eb887b3a9
- github.com/finos/git-proxy/releases/tag/v1.19.2
- github.com/finos/git-proxy/security/advisories/GHSA-qr93-8wwf-22g4
- nvd.nist.gov/vuln/detail/CVE-2025-54583