AI description
CVE-2025-54576 is a vulnerability affecting OAuth2-Proxy, an open-source tool used for providing authentication services. The vulnerability exists in versions 7.10.0 and below when the `skip_auth_routes` configuration option is used with regular expression (regex) patterns. Attackers can bypass authentication by crafting URLs with specific query parameters that satisfy the configured regex patterns. This can lead to unauthorized access to protected resources. The issue arises because `skip_auth_routes` incorrectly matches against the entire request URI (path + query parameters) instead of just the path, as documented. This discrepancy allows attackers to append malicious query parameters to access protected endpoints, even if the base path is intended to be protected. Deployments using `skip_auth_routes` with regex patterns containing wildcards or broad matching patterns are particularly at risk.
- Description
- OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skip_auth_routes configuration option with regex patterns. Attackers can bypass authentication by crafting URLs with query parameters that satisfy configured regex patterns, allowing unauthorized access to protected resources. The issue stems from skip_auth_routes matching against the full request URI. Deployments using skip_auth_routes with regex patterns containing wildcards or broad matching patterns are most at risk. This issue is fixed in version 7.11.0. Workarounds include: auditing all skip_auth_routes configurations for overly permissive patterns, replacing wildcard patterns with exact path matches where possible, ensuring regex patterns are properly anchored (starting with ^ and ending with $), or implementing custom validation that strips query parameters before regex matching.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-290
- Hype score
- Not currently trending
🚨CVE-2025-54576: OAuth2-Proxy Authentication Bypass via skip_auth_routes Regex Misconfiguration CVSS: 9.1 ZoomEye Dork: app="OAuth2-Proxy" ZoomEye Link: https://t.co/ja3QYG5tyL Results: 8,072 GitHub Advisory: https://t.co/MhRdMfFj1m https://t.co/ftjcpt4r9d
@DarkWebInformer
13 Aug 2025
3393 Impressions
1 Retweet
19 Likes
8 Bookmarks
2 Replies
0 Quotes
OAuth2-Proxyに重大な認証バイパスの脆弱性(CVE-2025-54576) #セキュリティ対策Lab #セキュリティ #Security https://t.co/zZmDPPddQi
@securityLab_jp
4 Aug 2025
74 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-54576 | CRITICAL (CVSS 9.8) OpenMetadata <1.3.1 is vulnerable to unauthenticated RCE via ingestion pipeline config. A crafted YAML payload lets attackers execute arbitrary code — no login needed. 🛠️ Affects: OpenMetadata, an open-source metadata managem
@Andrewkek77
1 Aug 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-54576: OAuth2-Proxy has authentication bypass in oauth2-proxy skip_auth_routes due to Query Parameter inclusion 🎯34K+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/VQ1wqZtL6m FOFA Query:app="oauth2_proxy" 🔖Ref
@fofabot
31 Jul 2025
1037 Impressions
4 Retweets
18 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-54576 (CVSS 9.1): OAuth2-Proxy Auth Bypass Vulnerability! OAuth2-Proxy improperly matches skip_auth_routes regex against full URIs, allowing auth bypass via crafted query parameters. Search by vul.cve Filter👉vul.cve="CVE-2025-54576" ZoomEye https://t.co/tqT4
@zoomeye_team
31 Jul 2025
1380 Impressions
5 Retweets
20 Likes
9 Bookmarks
0 Replies
0 Quotes
OAuth2-Proxyに重大な認証バイパス脆弱性(CVE-2025-54576)が発見された。 問題はskip_auth_routes設定において、意図せずクエリパラメータも含めたリクエストURI全体に対して正規表現マッチを行っていた点にある。
@yousukezan
31 Jul 2025
1534 Impressions
1 Retweet
9 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 :CVE-2025-54576(CVSS 9.1):Critical OAuth2-Proxy Flaw Allows Authentication Bypass via Query Parameters 📊27.8K Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/POI26MVPOT 👇Query HUNTER : https://t.co/q9rtuGfZuz="OAuth2-Prox
@HunterMapping
31 Jul 2025
4068 Impressions
35 Retweets
80 Likes
31 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-54576: OAuth2-Proxy’s skip_auth_routes regex lets anyone reach protected apps with no login. Upgrade to 7.11.0 or harden those patterns! Full advisory ➡️ https://t.co/EPAUfv1psz #OAuth2Proxy #AppSec #infosec
@VolerionSec
30 Jul 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-54576: CRITICAL] OAuth2-Proxy versions 7.10.0 & below are vulnerable to bypassing authentication using skip_auth_routes config with regex patterns. Issue fixed in version 7.11.0. Protect your resou...#cve,CVE-2025-54576,#cybersecurity https://t.co/Kg7vgelJQP https:/
@CveFindCom
30 Jul 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54576 OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balance… https://t.co/zrH1LXCx0Q
@CVEnew
30 Jul 2025
271 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes