CVE-2025-54585 HIGH

CVE-2025-54585: GitProxy is vulnerable to a new branch approval exploit

Vendor Finos

Product git-proxy

Weakness CWE-285

Published July 30, 2025

Last update July 30, 2025

View on NVD All CVEs

CVSS base score

8.2/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

What the vulnerability does

01Description

GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations relying on GitProxy to enforce policy and prevent unapproved changes. It requires no elevated privileges beyond regular push access, and no extra user interaction. It does however, require a GitProxy administrator or designated user (canUserApproveRejectPush) to approve pushes to the child branch. This is fixed in version 1.19.2.

Key dates

02Disclosure timeline

July 30, 2025 CVE published

July 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-54585 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

CVE-2025-54585: GitProxy is vulnerable to a new branch approval exploit

01Description

02Disclosure timeline

03References

04Related CVE