CVE-2025-54585 is a high-severity vulnerability (CVSS 8.2) affecting finos git-proxy versions 1.19.1 and below. GitProxy acts as an intermediary application between developers and Git remote endpoints, enforcing policies such as approval workflows to prevent unapproved code changes. The vulnerability arises from improper authorization (CWE-285) in the handling of new branch creation. Specifically, attackers with regular push access can bypass the approval process for commits on a newly created child branch, circumventing the intended policy enforcement that requires prior commits on the parent branch to be approved. This bypass does not require elevated privileges beyond normal push rights and does not need additional user interaction, but it does require that the administrator or designated user role (canUserApproveRejectPush) is configured to approve pushes to the child branch. The flaw enables unauthorized code changes to be introduced without the necessary review, potentially undermining code integrity and trust in the development pipeline. The issue was addressed and fixed in version 1.19.2 of git-proxy. There are no known exploits in the wild at the time of publication, but the vulnerability's characteristics make it a significant risk for organizations relying on git-proxy to enforce strict code approval policies.

For European organizations, this vulnerability poses a substantial risk to the integrity of software development processes, especially those that rely on git-proxy to enforce compliance and security policies. Unauthorized code changes could lead to the introduction of malicious code, backdoors, or vulnerabilities into production software, potentially affecting confidentiality, integrity, and availability of critical systems. Organizations in regulated sectors such as finance, healthcare, and critical infrastructure, which often have stringent software governance requirements, could face compliance violations and reputational damage if unapproved changes are introduced. The ease of exploitation—requiring only regular push access and no user interaction—means insider threats or compromised developer accounts could be leveraged to bypass controls. This could facilitate supply chain attacks or insider sabotage. The lack of known exploits currently provides a window for proactive mitigation, but the high CVSS score indicates the potential for significant impact if exploited.

European organizations using git-proxy should immediately upgrade to version 1.19.2 or later to remediate this vulnerability. Until the upgrade is applied, organizations should implement strict access controls to limit push permissions only to fully trusted users and monitor branch creation activities closely. Enforce multi-factor authentication (MFA) for all users with push access to reduce the risk of account compromise. Additionally, implement supplementary code review and approval mechanisms outside of git-proxy where feasible, such as integrating with external CI/CD pipelines that enforce approval policies. Audit existing branches for unauthorized changes and review logs for suspicious push activities. Educate developers and administrators about the vulnerability and the importance of adhering to secure development workflows. Finally, consider deploying anomaly detection tools to identify unusual repository activities that could indicate exploitation attempts.