CVE-2025-54583

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-54583
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54583.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54583
Aliases
Published
2025-07-30T19:59:44.317Z
Modified
2026-04-10T05:30:39.404275Z
Severity
  • 8.3 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N CVSS Calculator
Summary
GitProxy bypasses approvals when pushing multiple branches
Details

GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. This is fixed in version 1.19.2.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54583.json"
}
References

Affected packages

Git / github.com/finos/git-proxy

Affected ranges

Type
GIT
Repo
https://github.com/finos/git-proxy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
12fce21a18b86f7637b61dbe25e788528cc6ea93

Affected versions

license-inventory-0.*
license-inventory-0.0.1
license-inventory-0.0.2
sample-0.*
sample-0.1.0
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.17.1
v1.17.2
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.19.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.3.1
v1.3.10
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.7.0
v1.7.1
v1.8.0
v1.8.1
v1.9.0
v1.9.1
v1.9.2
v1.9.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54583.json"