PT-2025-31437 · Unknown+1 · Oauth2 Proxy+1

Tuunit · Published 2025-07-30 · Updated 2025-09-29 · CVE-2025-54576

CVSS v2.0: 9.4 Critical
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: OAuth2-Proxy versions 7.10.0 and earlier
Description: OAuth2-Proxy deployments using the skip auth routes configuration option with regex patterns are vulnerable to authentication bypass. Attackers can craft URLs with malicious query parameters that satisfy the configured regex patterns, potentially gaining unauthorized access to protected resources. The issue arises because skip auth routes incorrectly matches against the full request URI (path and query parameters) instead of only the path. Deployments utilizing wildcard or broad matching patterns in skip auth routes are particularly at risk. Approximately 27,800 services and 34,000+ results are found to be affected.
Recommendations: OAuth2-Proxy versions prior to 7.11.0 are vulnerable.
  • Upgrade to version 7.11.0 or later to resolve this issue.
  • Audit all skip auth routes configurations for overly permissive patterns.
  • Replace wildcard patterns with exact path matches where possible.
  • Ensure regex patterns are properly anchored, starting with ^ and ending with $.
  • Implement custom validation to strip query parameters before regex matching.
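As an added illustration, not code from this advisory or from the OAuth2-Proxy project, the Go snippet below contrasts the full-URI matching the description attributes to the bug with the hardened path-only matching, and refuses patterns that are not anchored with ^ and $ as the recommendations suggest. The type name, the pattern and the request-target are constructed for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

type SkipAuthMatcher struct{ patterns []*regexp.Regexp }

// NewSkipAuthMatcher compiles patterns, rejecting any not anchored with ^ and $ (the advisory's audit check).
func NewSkipAuthMatcher(patterns []string) (*SkipAuthMatcher, error) {
	m := &SkipAuthMatcher{}
	for _, p := range patterns {
		if !strings.HasPrefix(p, "^") || !strings.HasSuffix(p, "$") {
			return nil, fmt.Errorf("skip-auth pattern %q is not anchored with ^ and $", p)
		}
		re, err := regexp.Compile(p)
		if err != nil {
			return nil, err
		}
		m.patterns = append(m.patterns, re)
	}
	return m, nil
}

// SkipsAuth reports whether rawURL would bypass authentication. pathOnly=true is the hardened
// form (query string dropped before matching); false reproduces the flawed full-URI matching.
func (m *SkipAuthMatcher) SkipsAuth(rawURL string, pathOnly bool) bool {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false // an unparsable request-target never skips auth
	}
	target := u.RequestURI()
	if pathOnly {
		target = u.Path
	}
	for _, re := range m.patterns {
		if re.MatchString(target) {
			return true
		}
	}
	return false
}

func main() {
	m, _ := NewSkipAuthMatcher([]string{`^/api/.*/public$`}) // constructed pattern
	fmt.Println("full URI:", m.SkipsAuth("/api/admin?x=/public", false), "path only:", m.SkipsAuth("/api/admin?x=/public", true))
}
```

With the constructed pattern, the same request-target is skipped under full-URI matching but not under path-only matching, which is the behavioural difference the 7.11.0 fix is meant to close.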

Exploit · Fix · RCE

Weakness Enumeration: Authentication Bypass by Spoofing

Related Identifiers:
ALT-PU-2025-11669
BDU:2025-14556
BIT-OAUTH2-PROXY-2025-54576
CVE-2025-54576
GHSA-7RH7-C77V-6434
GO-2025-3833
OPENSUSE-SU-2025:15434-1
SUSE-SU-2025:02912-1

Affected Products: Alt Linux · Oauth2 Proxy