A critical vulnerability (CVE-2025-54576) in OAuth2-Proxy allows attackers to bypass authentication by manipulating query parameters in protected URLs. The issue is resolved in version v7.11.0, and users are advised to upgrade or audit their configurations to mitigate the risk.