Browse all 4 CVE security advisories affecting finos. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FINOS is an open-source financial industry operating system enabling collaboration across financial services organizations. Historically, FINOS has been susceptible to common web vulnerabilities including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, particularly in its web-based components. The platform's distributed nature introduces potential attack surfaces in its integration points. While no major public security incidents have been widely reported, the presence of four CVEs indicates ongoing security considerations. FINOS's focus on interoperability within the financial sector necessitates robust security measures to protect sensitive financial data and maintain trust in its collaborative ecosystem.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54586 | GitProxy is susceptible to a hidden commits injection attack — git-proxyCWE-200 | 7.1 | High | 2025-07-30 |
| CVE-2025-54585 | GitProxy is vulnerable to a new branch approval exploit — git-proxyCWE-285 | 6.5AI | MediumAI | 2025-07-30 |
| CVE-2025-54584 | GitProxy is vulnerable to a packfile parsing exploit — git-proxyCWE-115 | 6.5AI | MediumAI | 2025-07-30 |
| CVE-2025-54583 | GitProxy bypasses approvals when pushing multiple branches — git-proxyCWE-863 | 9.1AI | CriticalAI | 2025-07-30 |
This page lists every published CVE security advisory associated with finos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.