Authentication Bypass Vulnerability in OAuth2-Proxy by Oauth2-Proxy
CVE-2025-54576

Key Information:

Vendor: Oauth2-Proxy
CVE Published: 30 July 2025

What is CVE-2025-54576?

CVE-2025-54576 is a security vulnerability found in OAuth2-Proxy, an open-source tool designed to simplify authentication for web applications. OAuth2-Proxy allows users to authenticate via various OAuth2 providers and can function as either a standalone reverse proxy or a middleware component within existing infrastructures. The vulnerability arises in versions 7.10.0 and below when the configuration option skip_auth_routes is used with regular expressions. This flaw enables attackers to bypass authentication mechanisms by crafting URLs that exploit these regex patterns, granting unauthorized access to sensitive resources. Such a breach can severely compromise an organization’s data integrity and confidentiality.
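As an added example (not oauth2-proxy's own code), this is the defensive shape a skip_auth_routes matcher should take: every pattern must be anchored at both ends, and the regex is evaluated against the parsed request path only, never the full request URI, so a crafted query string cannot influence the match. The "METHOD=regex" entry format and the helper names are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// SkipRule is one parsed skip_auth_routes entry: optional HTTP method plus a path regex.
type SkipRule struct {
	Method string
	Path   *regexp.Regexp
}

// ParseSkipRule compiles a "METHOD=regex" or bare "regex" entry (that entry shape is
// an assumption) and rejects patterns that are not anchored at both ends.
func ParseSkipRule(entry string) (SkipRule, error) {
	method, pattern := "", entry
	if i := strings.Index(entry, "="); i >= 0 {
		method, pattern = strings.ToUpper(entry[:i]), entry[i+1:]
	}
	if !strings.HasPrefix(pattern, "^") || !strings.HasSuffix(pattern, "$") {
		return SkipRule{}, fmt.Errorf("pattern %q must be anchored with ^ and $", pattern)
	}
	re, err := regexp.Compile(pattern)
	if err != nil {
		return SkipRule{}, err
	}
	return SkipRule{Method: method, Path: re}, nil
}

// SkipsAuth reports whether a request may bypass authentication. The regex is matched
// against the parsed path only, never the raw request URI, so the query string cannot
// contribute characters to the match.
func SkipsAuth(rules []SkipRule, method, rawURI string) bool {
	u, err := url.ParseRequestURI(rawURI)
	if err != nil {
		return false // unparseable request: fail closed, require auth
	}
	for _, r := range rules {
		if r.Method != "" && r.Method != strings.ToUpper(method) {
			continue
		}
		if r.Path.MatchString(u.Path) {
			return true
		}
	}
	return false
}
```

With a rule such as `GET=^/api/public/.*$`, `/api/public/docs` skips authentication while `/api/admin?next=/api/public/` does not, because only the path `/api/admin` is matched.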

Potential Impact of CVE-2025-54576

  1. Unauthorized Access: The primary risk associated with CVE-2025-54576 is the potential for unauthorized access to protected resources. Attackers can manipulate URL parameters to bypass authentication, leading to exposure of sensitive data and systems.

  2. Data Breaches: Organizations utilizing OAuth2-Proxy with vulnerable configurations could experience data breaches. This could result in significant legal and financial repercussions, along with damage to reputation, as users' personal and sensitive information may be compromised.

  3. Increased Attack Surface: The existence of a vulnerability that can be exploited using common URL manipulation techniques expands the attack surface of affected systems. This situation may invite further attacks and exploits, as cybercriminals often leverage existing vulnerabilities to gain broader access or deploy additional malware.

News Articles

CVE-2025-54576 – CVE Details | CVETodo

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skip_auth_routes configuration option w...

Timeline

  • Exploit known to exist
  • First article discovered by CVETodo
  • Vulnerability published
