* Last update: 31/07/2025
* Affected software: OAuth2-Proxy prior to version v7.11.0
* Type: Authentication bypass
* CVE/CVSS
→ CVE-2025-54576: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-7rh7-c77v-6434
On 30 July 2025, OAuth2-Proxy published a security release (v7.11.0) to fix CVE-2025-54576. This vulnerability affects OAuth2-Proxy deployments that use the skip_auth_routes configuration option with regex patterns.
OAuth2-Proxy is an open-source tool that can be used as a reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups.
Successfully exploiting CVE-2025-54576 allows attackers to bypass authentication and gain
unauthorised access to protected resources. Exploitation of this vulnerability can have a high impact on
confidentiality and integrity, and no impact on availability.
There is no report of active exploitation (cut-off date: 31 July 2025).
CVE-2025-54576 is a flaw in the skip_auth_routes configuration option of OAuth2-Proxy. The option is documented as matching the request path only, but in the affected versions each configured regex is evaluated against the complete request URI (path plus query string). An attacker can therefore append a query string crafted so that the combined path-and-query string matches one of the skip rules, and the proxy forwards the request to a protected backend endpoint without authentication.
Deployments whose skip_auth_routes regexes contain wildcards or other broad matching patterns (for example a pattern anchored only at the end, or a `.*` in the middle) are most at risk, especially when the backend services ignore unknown query parameters and simply serve the protected resource.
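The following Go program is an added example, not code from OAuth2-Proxy or from the CCB advisory. It re-implements, in a hypothetical `skipMatcher` type, the two matching strategies the advisory contrasts: the pre-v7.11.0 behaviour (regex tested against path plus query string) and the documented behaviour (regex tested against the path only), and runs both over constructed skip_auth_routes patterns and constructed request URIs. The patterns, URIs and function names are assumptions made for the example; they are chosen to show that a pattern anchored only at the end (`\.(css|js|png)$`) or containing a `.*` in the middle (`^/api/.*/public`) can be satisfied by characters that live in the query string.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// skipMatcher is a hypothetical stand-in for the skip_auth_routes check.
// It is NOT oauth2-proxy's code; it only reproduces the behaviour the
// advisory describes so the two matching strategies can be compared.
type skipMatcher struct {
	rules []*regexp.Regexp
}

// newSkipMatcher compiles the configured skip_auth_routes regexes.
func newSkipMatcher(patterns []string) (*skipMatcher, error) {
	m := &skipMatcher{}
	for _, p := range patterns {
		re, err := regexp.Compile(p)
		if err != nil {
			return nil, fmt.Errorf("skip_auth_routes pattern %q: %w", p, err)
		}
		m.rules = append(m.rules, re)
	}
	return m, nil
}

// anyMatch reports whether any configured rule matches the given string.
func (m *skipMatcher) anyMatch(s string) bool {
	for _, re := range m.rules {
		if re.MatchString(s) {
			return true
		}
	}
	return false
}

// SkipVulnerable models the pre-v7.11.0 behaviour: each regex is evaluated
// against the full request URI, i.e. path plus "?" plus query string, so
// query characters can complete a match.
func (m *skipMatcher) SkipVulnerable(requestURI string) bool {
	return m.anyMatch(requestURI)
}

// SkipFixed models the documented behaviour: only the path component is
// tested, so nothing in the query string can contribute to a match.
// (Assumption for this example: the decoded url.Path is the value compared.)
func (m *skipMatcher) SkipFixed(requestURI string) (bool, error) {
	u, err := url.ParseRequestURI(requestURI)
	if err != nil {
		return false, err
	}
	return m.anyMatch(u.Path), nil
}

// examplePatterns are constructed for this example; they are the kind of
// broad or partly anchored patterns the advisory calls most at risk.
var examplePatterns = []string{
	`^/healthz$`,      // exact match: safe under both strategies
	`\.(css|js|png)$`, // static assets: anchored only at the end
	`^/api/.*/public`, // wildcard in the middle, no end anchor
}

// exampleRequests are constructed request URIs; the first two carry a
// bypass payload in the query string, the last two are legitimate.
var exampleRequests = []string{
	"/admin?x=a.js",
	"/api/secret?next=/public",
	"/static/app.js",
	"/healthz?probe=1",
}

func main() {
	m, err := newSkipMatcher(examplePatterns)
	if err != nil {
		panic(err)
	}
	for _, uri := range exampleRequests {
		fixed, err := m.SkipFixed(uri)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-28s skip(vulnerable)=%-5v skip(fixed)=%v\n",
			uri, m.SkipVulnerable(uri), fixed)
	}
}
```

Run with `go run .`: `/admin?x=a.js` and `/api/secret?next=/public` are skipped (served without authentication) by the vulnerable matcher but not by the fixed one, `/static/app.js` is skipped by both, and `/healthz?probe=1` is skipped only by the fixed matcher, because the `$` anchor in `^/healthz$` never matched a URI carrying a query string under the old behaviour. The last case is why simply adding `$` to every pattern is not a substitute for the upgrade: it breaks legitimate requests with query strings on affected versions while doing nothing against a `.*` placed before the anchor.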
Patch
The Centre for Cybersecurity Belgium strongly recommends upgrading vulnerable OAuth2-Proxy deployments to v7.11.0 or later with the highest priority, after thorough testing.
OAuth2-Proxy also recommends implementing the following immediate mitigations to secure your
configuration:
Monitor/Detect
The CCB recommends that organisations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
https://oauth2-proxy.github.io/oauth2-proxy/configuration/overview/#proxy-options