CVE-2025-54576
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-30

Last updated on: 2025-09-10

Assigner: GitHub, Inc.

Description
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skip_auth_routes configuration option with regex patterns. Attackers can bypass authentication by crafting URLs with query parameters that satisfy configured regex patterns, allowing unauthorized access to protected resources. The issue stems from skip_auth_routes matching against the full request URI. Deployments using skip_auth_routes with regex patterns containing wildcards or broad matching patterns are most at risk. This issue is fixed in version 7.11.0. Workarounds include: auditing all skip_auth_routes configurations for overly permissive patterns, replacing wildcard patterns with exact path matches where possible, ensuring regex patterns are properly anchored (starting with ^ and ending with $), or implementing custom validation that strips query parameters before regex matching.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-30
Last Modified
2025-09-10
Generated
2026-05-07
AI Q&A
2025-07-30
EPSS Evaluated
2026-05-05
NVD
CVE-2025-54576
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oauth2_proxy_project oauth2_proxy to 7.11.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects OAuth2-Proxy versions 7.10.0 and below when using the skip_auth_routes configuration option with regex patterns. Attackers can bypass authentication by crafting URLs with query parameters that match these regex patterns, gaining unauthorized access to protected resources. The root cause is that skip_auth_routes matches against the full request URI, including query parameters, which can be exploited if regex patterns are too broad or use wildcards.


How can this vulnerability impact me? :

If your deployment uses OAuth2-Proxy with skip_auth_routes configured with broad or wildcard regex patterns, attackers can bypass authentication controls and access protected resources without authorization. This can lead to unauthorized data access and potential compromise of sensitive information.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves auditing the oauth2-proxy configuration, specifically the skip_auth_routes option, to identify regex patterns that are overly permissive or contain wildcards that match query parameters. There are no specific commands provided in the available information to detect this vulnerability on a network or system.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include auditing all skip_auth_routes configurations for overly permissive regex patterns, replacing wildcard patterns with exact path matches where possible, ensuring regex patterns are properly anchored (starting with ^ and ending with $), or implementing custom validation that strips query parameters before regex matching. Additionally, upgrading oauth2-proxy to version 7.11.0 or later will fix the issue.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart