Auth bypass in Finos Git-proxy
CVE-2025-54585
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent bra…
EPSS: 0.002 (40.3th percentile)
Affected products
- Finos Git-proxy — versions < 1.19.2
Weakness classification (CWE)
References
- https://github.com/finos/git-proxy/security/advisories/GHSA-39p2-8hq9-fwj6 (x_refsource_CONFIRM)
- https://github.com/finos/git-proxy/commit/a620a2f33c39c78e01783a274580bf822af3cc3a (x_refsource_MISC)
- https://github.com/finos/git-proxy/commit/f99fe42082eab0970e4cd0acdc3421a527a7e531 (x_refsource_MISC)
- https://github.com/finos/git-proxy/releases/tag/v1.19.2 (x_refsource_MISC)