CVE-2025-55750: CWE-201: Insertion of Sensitive Information Into Sent Data in gitpod-io gitpod
Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain conditions allowed a crafted link to expose a valid Bitbucket access token via the URL fragment when clicked by an authenticated user. This resulted from how Bitbucket returned tokens and how Gitpod handled the redirect flow. The issue was limited to Bitbucket (GitHub and GitLab integrations were not affected), required user interaction, and has been mitigated through redirect handling and OAuth logic hardening. The issue was resolved in main-gha.33628 and later. There are no workarounds.
AI Analysis
Technical Summary
CVE-2025-55750 is a medium-severity vulnerability affecting Gitpod Classic and Gitpod Classic Enterprise versions prior to main-gha.33628. Gitpod is a cloud-based developer platform that integrates with various source code management services, including Bitbucket, GitHub, and GitLab, to provide seamless cloud development environments. This vulnerability specifically concerns the OAuth integration with Bitbucket. Under certain conditions, when an authenticated user clicks on a crafted link, a valid Bitbucket access token is exposed via the URL fragment. This occurs due to the way Bitbucket returns OAuth tokens during the redirect flow and how Gitpod handled this redirect. The token exposure is a result of CWE-201: Insertion of Sensitive Information Into Sent Data, meaning sensitive tokens are inserted into URL fragments that can be leaked through browser history, logs, or referer headers if the URL is shared or intercepted. The vulnerability requires user interaction (clicking the crafted link) and does not affect GitHub or GitLab integrations. The issue was mitigated by hardening the OAuth redirect handling and logic in Gitpod version main-gha.33628 and later. No workarounds exist, and no known exploits have been reported in the wild. The CVSS v3.1 score is 6.5, reflecting a network attack vector with low complexity, no privileges required, but requiring user interaction. The impact is high on confidentiality since access tokens can be stolen, but there is no impact on integrity or availability.
Potential Impact
For European organizations using Gitpod Classic or Gitpod Classic Enterprise integrated with Bitbucket, this vulnerability poses a risk of unauthorized access to Bitbucket repositories if an attacker can trick an authenticated user into clicking a malicious link. The exposed access token could allow attackers to access source code, potentially leading to intellectual property theft, code tampering in subsequent attacks, or leakage of sensitive development information. Given the token is exposed in the URL fragment, it could be captured through browser history, network logs, or referer headers if the user navigates to external sites. This risk is particularly relevant for organizations with strict data protection and intellectual property requirements under regulations such as GDPR. Although exploitation requires user interaction and no known active exploits exist, the potential confidentiality breach could have significant operational and reputational consequences. The vulnerability does not affect availability or integrity directly but could be a stepping stone for further attacks if tokens are misused.
Mitigation Recommendations
European organizations should immediately upgrade Gitpod Classic and Gitpod Classic Enterprise installations to version main-gha.33628 or later to apply the official fix. Since no workarounds exist, patching is the only effective mitigation. Additionally, organizations should review OAuth token handling policies and educate users about the risks of clicking untrusted links, especially those related to Bitbucket integrations. Implement monitoring for unusual OAuth token usage or access patterns in Bitbucket accounts to detect potential token compromise. Enforce strict browser security policies to limit URL fragment leakage, such as disabling referer headers or using Content Security Policy (CSP) directives where feasible. Consider implementing OAuth token expiration and rotation policies to minimize the window of exposure. Finally, audit and restrict OAuth scopes granted to Gitpod to the minimum necessary privileges to reduce potential damage if tokens are compromised.
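The analysis above describes the general failure mode: an OAuth provider hands a token back in the URL fragment, and a redirect step that accepts a caller-influenced target lets that fragment travel to a page the user did not intend. The following is an added example, not Gitpod's code and not based on the actual patch (which the advisory does not detail); it shows the two defensive checks a relying party would apply at that step. The origin `APP_ORIGIN`, the `returnTo` hint and the list of sensitive fragment keys are assumptions chosen for illustration. It generalizes beyond Bitbucket to any OAuth client that accepts a post-login redirect hint.

```javascript
// Added example (not Gitpod's code). Hardening the post-OAuth redirect step.
// Assumptions: the app is served from APP_ORIGIN (hypothetical), the login flow
// carries a caller-supplied "returnTo" hint, and the identity provider may return
// a token in the URL fragment (as the OAuth 2.0 implicit grant does).

const APP_ORIGIN = "https://gitpod.example.test"; // hypothetical origin

// Fragment parameter names that must never survive a redirect or stay in history.
const SENSITIVE_FRAGMENT_KEYS = new Set([
  "access_token", "refresh_token", "id_token", "token",
]);

/**
 * Server side: resolve a caller-supplied returnTo hint to a safe same-origin
 * redirect. Returns { ok: true, location } or { ok: false, reason }.
 * Off-origin targets (including protocol-relative "//host" and non-http
 * schemes, whose origin parses as "null") and targets carrying a fragment
 * are rejected outright rather than sanitised.
 */
function resolveReturnTo(returnTo) {
  if (typeof returnTo !== "string" || returnTo === "") {
    return { ok: true, location: "/" };
  }
  let target;
  try {
    // Relative inputs resolve against our own origin; absolute URLs keep theirs.
    target = new URL(returnTo, APP_ORIGIN);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (target.origin !== APP_ORIGIN) {
    return { ok: false, reason: "off-origin" };
  }
  if (target.hash !== "") {
    // A fragment on the redirect target is exactly where a provider-issued
    // token would be echoed to; refuse it instead of trying to filter it.
    return { ok: false, reason: "fragment-not-allowed" };
  }
  // Only path and query are forwarded; never the original string.
  return { ok: true, location: target.pathname + target.search };
}

/**
 * Client side: given location.hash, strip any token-bearing parameters so the
 * URL left in history, bookmarks or a shared link carries no credential.
 * Pure function over the hash string so it can be tested offline; the caller
 * applies the result with history.replaceState. Hashes without sensitive keys
 * are returned untouched (a plain "#section" anchor is not a query string).
 */
function scrubFragment(hash) {
  if (typeof hash !== "string" || !hash.startsWith("#")) {
    return { cleaned: hash, leaked: [] };
  }
  const params = new URLSearchParams(hash.slice(1));
  const leaked = [...new Set(params.keys())].filter((k) =>
    SENSITIVE_FRAGMENT_KEYS.has(k),
  );
  if (leaked.length === 0) {
    return { cleaned: hash, leaked: [] };
  }
  for (const key of leaked) params.delete(key);
  const rest = params.toString();
  return { cleaned: rest ? "#" + rest : "", leaked };
}
```

Two design points: the server-side check rejects any target with a fragment rather than stripping it, because a relying party has no legitimate reason to redirect into a fragment after login, and refusing is easier to reason about than rewriting; the client-side scrub reports which keys it removed so the page can log the event (without the values) as a signal that a token reached the browser in a URL.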
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-14T22:31:17.685Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68b1cf29ad5a09ad0079437f
Added to database: 8/29/2025, 4:02:49 PM
Last enriched: 8/29/2025, 4:17:56 PM
Last updated: 8/29/2025, 4:17:56 PM
Related Threats
- CVE-2025-9664: SQL Injection in code-projects Simple Grading System (Medium)
- CVE-2025-9663: SQL Injection in code-projects Simple Grading System (Medium)
- CVE-2025-22483: CWE-79 in QNAP Systems Inc. License Center (High)
- CVE-2025-29879: CWE-476 in QNAP Systems Inc. File Station 5 (Medium)
- CVE-2025-29878: CWE-476 in QNAP Systems Inc. File Station 5 (Medium)