PT-2025-31446 · Gitproxy · Git-Proxy

Jescalada · Published 2025-07-30 · Updated 2025-07-30 · CVE-2025-54585

CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions: GitProxy versions 1.19.1 and below

Description: GitProxy is an application that acts as an intermediary between developers and a Git remote endpoint. A flaw in how GitProxy handles new branch creation allows attackers to bypass the approval of prior commits on the parent branch. This impacts users and organizations that rely on GitProxy to enforce policy and prevent unauthorized changes. Exploitation requires regular push access and the approval of a GitProxy administrator or designated user (canUserApproveRejectPush) for pushes to the child branch. The vulnerability stems from GitProxy checking for a specific hash (0000000000000000000000000000000000000000) to detect new branches, which can be exploited to push unapproved commits from a parent branch.

Recommendations: Update GitProxy to version 1.19.2 or later.
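As an added illustration (constructed for this advisory, not GitProxy's own code and not the project's actual fix), the JavaScript model below shows why deciding the review range from the all-zero old ref alone lets parent-branch commits escape review, and how anchoring the range to what the remote already holds closes that gap. The commit graph, ref names, `APPROVED` set and both check functions are assumptions made for the example.

```javascript
// Constructed model (not GitProxy's own code) of a push approval check.
const ZERO_SHA = '0'.repeat(40); // old ref Git sends when a branch is created

// Constructed history: hash -> parent hashes. 'a1' was approved on main,
// 'b2' was pushed to the parent branch but never approved, and 'c3' is the
// tip of a new child branch built on top of 'b2'.
const COMMITS = { a1: [], b2: ['a1'], c3: ['b2'] };
const REMOTE_REFS = { 'refs/heads/main': 'a1' }; // what the remote really holds
const APPROVED = new Set(['a1']);

// Every commit reachable from `tip`, not descending into anything in `stopAt`.
function reachable(tip, stopAt = new Set()) {
  const seen = new Set();
  const stack = [tip];
  while (stack.length) {
    const h = stack.pop();
    if (seen.has(h) || stopAt.has(h)) continue;
    seen.add(h);
    stack.push(...COMMITS[h]);
  }
  return seen;
}

// Flawed check (constructed): a zero old ref is taken to mean "new branch,
// nothing to compare against", so only the new tip itself is reviewed and
// the unapproved 'b2' underneath it is never examined.
function commitsNeedingApprovalFlawed(oldRef, newRef) {
  const range = oldRef === ZERO_SHA
    ? new Set([newRef])
    : reachable(newRef, new Set([oldRef]));
  return [...range].filter((h) => !APPROVED.has(h)).sort();
}

// Hardened check: whatever the old ref says, the review range is everything
// reachable from newRef that no ref the remote already has contains, so
// unapproved parent-branch commits cannot ride in on a new branch.
function commitsNeedingApproval(_oldRef, newRef) {
  const known = new Set();
  for (const tip of Object.values(REMOTE_REFS)) {
    for (const h of reachable(tip)) known.add(h);
  }
  return [...reachable(newRef, known)].filter((h) => !APPROVED.has(h)).sort();
}

console.log('flawed  :', commitsNeedingApprovalFlawed(ZERO_SHA, 'c3')); // [ 'c3' ]
console.log('hardened:', commitsNeedingApproval(ZERO_SHA, 'c3'));      // [ 'b2', 'c3' ]
```

On a push to an existing branch both checks agree; they only diverge when the old ref is all zeros, which is exactly the new-branch case the advisory describes.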


Weakness Enumeration: Improper Authorization

Related Identifiers:
CVE-2025-54585
GHSA-39P2-8HQ9-FWJ6

Affected Products:
Git-Proxy