CVE-2025-54576

OAuth2-Proxy · OAuth2-Proxy

A critical vulnerability in OAuth2-Proxy versions 7.10.0 and below allows for potential security bypasses in reverse proxy or middleware configurations.

Executive summary

A critical security vulnerability in OAuth2-Proxy versions 7.10.0 and below may allow attackers to bypass authentication or authorization controls, posing a significant risk to protected services.

Vulnerability

This vulnerability affects the core functionality of the OAuth2-Proxy tool. It involves a flaw in how the proxy handles requests that may allow an attacker to bypass the intended authentication or authorization constraints when OAuth2-Proxy is deployed as a reverse proxy or middleware component in front of protected services.

Business impact

With a CVSS score of 9.1, this vulnerability poses a severe risk to any application relying on OAuth2-Proxy for identity and access management. Exploitation could lead to unauthorized access to sensitive downstream applications, data exfiltration, or complete bypass of organizational security policies.

Remediation

Immediate Action: Upgrade all instances of OAuth2-Proxy to the latest available version, which resolves the identified vulnerability.

Proactive Monitoring: Audit access logs for anomalous authentication requests or patterns that deviate from standard user traffic behavior.

Compensating Controls: Implement secondary authentication layers or enforce strict network-level access controls to limit exposure of the proxy interface until patching is completed.
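As an added example that is not part of this advisory, the following Python script performs the deployment inventory the remediation steps call for: it classifies container image references by whether their version tag falls at or below the affected 7.10.0 release, and separates out tags such as `latest` or digest pins that must be resolved manually. The registry host, image list and all-zero digest are constructed placeholders, not real deployments.

```python
"""Inventory check for CVE-2025-54576: flag OAuth2-Proxy images at or below the affected 7.10.0 release."""
import re

# The advisory states that 7.10.0 and below are affected; it names no specific fixed version.
AFFECTED_MAX = (7, 10, 0)

# Accepts tags such as "v7.10.0", "7.9.1" or "v7.10.0-rc1"; a pre-release suffix is ignored,
# so a 7.10.0 pre-release is conservatively treated as inside the affected range.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.]+)?$")


def parse_version(tag):
    """Return (major, minor, patch) for a semver-style tag, or None for tags like 'latest'."""
    m = _VERSION_RE.match(tag)
    return tuple(int(x) for x in m.groups()) if m else None


def image_tag(ref):
    """Extract the tag from an image reference; digest pins and untagged refs yield None."""
    last = ref.rpartition("/")[2]  # drop registry (including host:port) and namespace
    if "@" in last or ":" not in last:
        return None
    return last.split(":", 1)[1]


def is_affected(ref):
    """True if the image version is <= 7.10.0, False if above, None if it cannot be determined."""
    tag = image_tag(ref)
    version = parse_version(tag) if tag is not None else None
    return None if version is None else version <= AFFECTED_MAX


def audit_images(refs):
    """Group an inventory of image references into affected / above_range / unknown buckets."""
    report = {"affected": [], "above_range": [], "unknown": []}
    for ref in refs:
        verdict = is_affected(ref)
        bucket = "unknown" if verdict is None else ("affected" if verdict else "above_range")
        report[bucket].append(ref)
    return report


# Constructed sample inventory: a hypothetical internal registry and an all-zero digest placeholder.
SAMPLE_INVENTORY = [
    "quay.io/oauth2-proxy/oauth2-proxy:v7.10.0",
    "quay.io/oauth2-proxy/oauth2-proxy:v7.9.0",
    "quay.io/oauth2-proxy/oauth2-proxy:v7.11.0",
    "quay.io/oauth2-proxy/oauth2-proxy:latest",
    "registry.example.internal:5000/oauth2-proxy@sha256:" + "0" * 64,
]
```

Entries in the `unknown` bucket are the ones to chase first, since a floating tag or digest pin gives no assurance that the running binary is above the affected range.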

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

Given the critical nature of identity management components, this update should be treated with high urgency. Organizations must identify all deployments of OAuth2-Proxy and apply the necessary updates to maintain the integrity of their authentication infrastructure.