CVE-2025-54585: GitProxy New Branch Approval Exploit
An attacker can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch.
Because it can greatly affect system integrity, we classify this as a High impact vulnerability.
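The advisory's point is about approval scope: when a push creates a new branch, the commits it brings in must be measured against what has actually been approved, not merely against the parent branch's tip, or unapproved history on the parent ends up behind a freshly created branch. The following JavaScript is an added illustration of that distinction; it is not GitProxy's code and makes no claim about how GitProxy computes approval scope. The three-commit graph, the approval set and the function names (`commitsSinceBranchPoint`, `unapprovedAncestors`) are all constructed for this example.

```javascript
// Added illustration (not GitProxy's code): why approval scope for a new branch
// must cover every unapproved ancestor, not only commits past the branch point.

// Constructed commit graph: sha -> list of parent shas.
const COMMIT_GRAPH = {
  a1: [],       // initial commit, already approved
  b2: ['a1'],   // commit on the parent branch, approval still pending
  c3: ['b2'],   // first commit on the new branch, built on top of b2
};

// Constructed approval state: only a1 has been approved so far.
const APPROVED = new Set(['a1']);

// Return every commit reachable from `tip` (inclusive), sorted for stable output.
function ancestors(graph, tip) {
  const seen = new Set();
  const stack = [tip];
  while (stack.length) {
    const sha = stack.pop();
    if (seen.has(sha)) continue;
    const parents = graph[sha];
    if (!parents) throw new Error(`unknown commit ${sha}`);
    seen.add(sha);
    for (const p of parents) stack.push(p);
  }
  return [...seen].sort();
}

// Narrow scope: only commits not already reachable from the parent branch tip.
// Anything still pending on the parent branch silently falls outside this set.
function commitsSinceBranchPoint(graph, tip, parentTip) {
  const onParent = new Set(ancestors(graph, parentTip));
  return ancestors(graph, tip).filter((sha) => !onParent.has(sha));
}

// Full scope: every commit reachable from the new tip that carries no approval.
// A new branch cannot carry unapproved history past this check.
function unapprovedAncestors(graph, tip, approved) {
  return ancestors(graph, tip).filter((sha) => !approved.has(sha));
}

// Example run on the constructed graph: the new branch tip is c3, the parent tip is b2.
console.log('narrow scope:', commitsSinceBranchPoint(COMMIT_GRAPH, 'c3', 'b2'));   // [ 'c3' ]
console.log('full scope:  ', unapprovedAncestors(COMMIT_GRAPH, 'c3', APPROVED));  // [ 'b2', 'c3' ]
```

With the narrow scope, b2 (pending on the parent branch) never appears in the review set for the new branch, which is the shape of bypass the advisory describes; with the full scope it does. In a real proxy the commit graph and approval state would come from the repository and the approval store rather than from constructed literals.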
References
- github.com/advisories/GHSA-39p2-8hq9-fwj6
- github.com/finos/git-proxy
- github.com/finos/git-proxy/commit/a620a2f33c39c78e01783a274580bf822af3cc3a
- github.com/finos/git-proxy/commit/f99fe42082eab0970e4cd0acdc3421a527a7e531
- github.com/finos/git-proxy/releases/tag/v1.19.2
- github.com/finos/git-proxy/security/advisories/GHSA-39p2-8hq9-fwj6
- nvd.nist.gov/vuln/detail/CVE-2025-54585
Detect and mitigate CVE-2025-54585 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning.