Home > Vulnerability Database > CVE-2025-54583

Mend.io Vulnerability Database

CVE-2025-54583

Good to know:

Date: July 30, 2025

GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. This is fixed in version 1.19.2.

Severity Score

6.5

Related Resources (7)

Url: https://github.com/finos/git-proxy/commit/bd2ecb2099cba21bca3941ee4d655d2eb887b3a9

Url: https://github.com/finos/git-proxy/security/advisories/GHSA-qr93-8wwf-22g4

Url: https://github.com/finos/git-proxy/commit/a620a2f33c39c78e01783a274580bf822af3cc3a

Url: https://github.com/finos/git-proxy

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54583

Url: https://github.com/finos/git-proxy/releases/tag/v1.19.2

Url: https://www.mend.io/vulnerability-database/CVE-2025-54583

Severity Score

6.5

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version @finos/git-proxy - 1.19.2

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54583

Good to know:

Date: July 30, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?