CVE-2025-54585
Description
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations relying on GitProxy to enforce policy and prevent unapproved changes. It requires no elevated privileges beyond regular push access, and no extra user interaction. It does however, require a GitProxy administrator or designated user (canUserApproveRejectPush) to approve pushes to the child branch. This is fixed in version 1.19.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@finos/git-proxynpm | < 1.19.2 | 1.19.2 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/finos/git-proxy/commit/a620a2f33c39c78e01783a274580bf822af3cc3anvdPatchWEB
- github.com/finos/git-proxy/commit/f99fe42082eab0970e4cd0acdc3421a527a7e531nvdPatchWEB
- github.com/finos/git-proxy/releases/tag/v1.19.2nvdPatchRelease NotesWEB
- github.com/finos/git-proxy/security/advisories/GHSA-39p2-8hq9-fwj6nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-39p2-8hq9-fwj6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-54585ghsaADVISORY
News mentions
0No linked articles in our index yet.