CyberSecurityBoard
Sponsor Register Login

OAuth2-Proxy Vulnerability Enables Authentication Bypass by Manipulating Query Parameters

The security flaw stems from the system’s incorrect handling of request URI matching, where the authentication bypass occurs because skip_auth_routes matches against the complete request URI (including both path and query parameters) rather than just the path component as documented. A critical security vulnerability has been identified in OAuth2-Proxy, a widely-used reverse proxy that provides authentication services for Google, Azure, OpenID Connect, and numerous other identity providers. The vulnerability, designated as CVE-2025-54576, enables attackers to bypass authentication mechanisms by manipulating query parameters in crafted URLs, potentially granting unauthorized access to protected resources. Deployments most at risk include those using skip_auth_routes with regex patterns containing wildcards or broad matching patterns, particularly when backend services ignore unknown query parameters.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 31 Jul 2025 08:40:22 +0000


Cyber News related to OAuth2-Proxy Vulnerability Enables Authentication Bypass by Manipulating Query Parameters

CVE-2021-32753 - EdgeX Foundry is an open source project for building a common open framework for internet-of-things edge computing. A vulnerability exists in the Edinburgh, Fuji, Geneva, and Hanoi versions of the software. When the EdgeX API gateway is configured ...
4 years ago
OAuth2-Proxy Vulnerability Enables Authentication Bypass by Manipulating Query Parameters - The security flaw stems from the system’s incorrect handling of request URI matching, where the authentication bypass occurs because skip_auth_routes matches against the complete request URI (including both path and query parameters) rather ...
4 months ago Cybersecuritynews.com CVE-2025-54576
Windows KDC Proxy RCE Vulnerability Let Attackers Control The Server Remotely - Security researchers have uncovered a significant remote code execution vulnerability in Microsoft’s Windows Key Distribution Center (KDC) Proxy that could potentially allow attackers to gain complete control over affected servers. The ...
9 months ago Cybersecuritynews.com CVE-2024-43639
VB.NET Proxy and VPN Check with IP2Location.io - Virtual Private Network servers are proxy servers that people use daily when browsing the Internet. As most of us are aware, websites track their visitors for advertising and marketing purposes. That's the same reason that people use residential ...
2 years ago Feeds.dzone.com
CVE-2024-43414 - Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner ...
1 year ago
CVE-2022-33684 - The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a ...
2 years ago
CVE-2024-37891 - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* ...
1 year ago
CVE-2024-4536 - In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component ( https://github.com/eclipse-edc/Connector ), an attacker might obtain OAuth2 client secrets from the vault. ...
1 year ago
CVE-2024-38351 - Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack ...
1 year ago
CVE-2025-64484 - OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions prior to 7.13.0, all deployments of OAuth2 Proxy in front of ...
1 month ago
How to secure on-prem apps with Entra Application Proxy - If your internal web applications are still internet-facing, then it's time to move away from turning your firewall into Swiss cheese just to externalize apps for your users. To reduce the attack surface, a traditional method, such as a VPN, has its ...
1 year ago Techtarget.com
Passwordless Login: Effortless Authentication - Let's explore how passwordless login paves the way for seamless and secure user authentication, fostering trust and loyalty. The Password Dilemma Though conventional complex password-based authentication has long been a cornerstone of robust ...
1 year ago Feeds.dzone.com
Socks5Systemz proxy service infects 10,000 systems worldwide - A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices. The malware infects computers and turns them into traffic-forwarding ...
2 years ago Bleepingcomputer.com
What Is Kerberos Authentication?: Implementing Effective Security Protocols - Kerberos is a vital security protocol that any serious computer user must be familiar with. It is an open standard that provides a secure way of verifying the identity of user across multiple systems. The Kerberos authentication protocol is a ...
2 years ago Heimdalsecurity.com
CVE-2025-54576 - OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when ...
4 months ago
Cisco Duo and ISE: Better together in the cybersecurity battlefield - Luckily for you, Cisco Duo and ISE are the perfect pair to protect your network. Think of Cisco Duo's multi-factor authentication as the added layer of security that verifies a user's identity at the time of login, like a high-tech forcefield that ...
2 years ago Feedpress.me
CVE-2020-15234 - ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint where compared using ...
4 years ago
CVE-2022-2880 - Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable ...
2 years ago
CVE-2021-21291 - OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the ...
4 years ago
CVE-2022-34321 - Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to ...
1 year ago
How to Use Context-Based Authentication to Improve Security - One of the biggest security weak points for organizations involves their authentication processes. Context-based authentication offers an important tool in the battle against credential stuffing, man-in-the-middle attacks, MFA prompt bombing, and ...
1 year ago Securityboulevard.com
Top 10 Best Passwordless Authentication Tools in 2025 - Auth0 provides a flexible authentication and authorization platform that supports passwordless login methods, enhancing security and user experience by eliminating the need for traditional passwords. Okta provides a robust identity and access ...
9 months ago Cybersecuritynews.com
Selecting an Authentication Protocol for Your Business - Authentication protocols serve as the backbone of online security, enabling users to confirm their identities securely and access protected information and services. The protocols exchange information to verify the validity of the authentication ...
1 year ago Darkreading.com
Biometric Authentication in Business: Enhancing Security - With its high level of security, convenience, user-friendliness, and accuracy, biometric authentication is paving the way for the future of secure authentication in the business world. One of the primary advantages of implementing biometric ...
1 year ago Securityzap.com
Hackers Actively Attacking Linux SSH Servers to Deploy TinyProxy or Sing-box Proxy Tools - The Sing-box variant utilizes GitHub-hosted installation scripts, deploying a multipurpose proxy supporting vmess-argo, vless-reality, Hysteria2, and TUICv5 protocols, originally designed for bypassing geographic content restrictions but repurposed ...
5 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)