OAuth Vulnerability in Gitpod Affecting Bitbucket Integration
CVE-2025-55750
What is CVE-2025-55750?
A vulnerability in Gitpod's OAuth integration with Bitbucket allowed an authenticated user to unintentionally expose a valid Bitbucket access token through a maliciously crafted link. This issue arose from the way Bitbucket returned tokens combined with Gitpod's redirect handling. The problem was isolated to Bitbucket, and both GitHub and GitLab integrations were unaffected. User interaction was required for exploitation. Gitpod has addressed the issue by implementing improvements in redirect handling and hardening OAuth logic, with the fix available in main-gha.33628 and later versions. There are no known workarounds to mitigate this vulnerability.

Affected Version(s)
Vendor   Product                    Affected            Fixed in
gitpod   Gitpod Classic             < main-gha.33628    main-gha.33628
gitpod   Gitpod Classic Enterprise  < main-gha.33628    main-gha.33628
