CVE-2025-68938

Gitea before 1.25.2 mishandles authorization for deletion of releases.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://blog.gitea.com/release-of-1.25.2/	Release Notes
https://github.com/go-gitea/gitea/pull/36002/commits/d4262131b39899d9e9ee5caa2635c810d476e43f#diff-8962bac89952027d50fa51f31f59d65bedb4c02bde0265eced5cf256cbed306d	Patch
https://github.com/go-gitea/gitea/releases/tag/v1.25.2	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*

History

02 Jan 2026, 19:36

Type	Values Removed	Values Added
References	~~() https://blog.gitea.com/release-of-1.25.2/ -~~	() https://blog.gitea.com/release-of-1.25.2/ - Release Notes
References	~~() https://github.com/go-gitea/gitea/pull/36002/commits/d4262131b39899d9e9ee5caa2635c810d476e43f#diff-8962bac89952027d50fa51f31f59d65bedb4c02bde0265eced5cf256cbed306d -~~	() https://github.com/go-gitea/gitea/pull/36002/commits/d4262131b39899d9e9ee5caa2635c810d476e43f#diff-8962bac89952027d50fa51f31f59d65bedb4c02bde0265eced5cf256cbed306d - Patch
References	~~() https://github.com/go-gitea/gitea/releases/tag/v1.25.2 -~~	() https://github.com/go-gitea/gitea/releases/tag/v1.25.2 - Release Notes
CPE		cpe:2.3:a:gitea:gitea::::::::
First Time		Gitea Gitea gitea

26 Dec 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-26 02:15

Updated : 2026-01-02 19:36

NVD link : CVE-2025-68938

Mitre link : CVE-2025-68938

CVE.ORG link : CVE-2025-68938

JSON object : View

Products Affected

gitea

gitea

CWE

CWE-863

Incorrect Authorization

4.3 /10