CVE-2025-54864 | NixOS hydra /api/push-github missing authentication (GHSA-qpq3-646c-vgx9)

A vulnerability classified as critical was found in NixOS hydra. Affected by this vulnerability is an unknown functionality of the file /api/push-github. The manipulation leads to missing authentication.

This vulnerability is known as CVE-2025-54864. The attack can be launched remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.VulDB Recent EntriesRead More