Sign in Get started

← All advisories

High severityOSV Advisory· Published Dec 26, 2025· Updated Dec 26, 2025

CVE-2025-68939

CVE-2025-68939

Description

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
code.gitea.io/giteaGo	>= 0	—

Affected products

1

Go Gitea/GiteaOSV
Range: v0.9.99, v1.0.0, v1.1.0, …

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

github.com/advisories/GHSA-263q-5cv3-xq9gghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-68939ghsaADVISORY
blog.gitea.com/release-of-1.23.0ghsaWEB
github.com/go-gitea/gitea/pull/32151ghsaWEB
github.com/go-gitea/gitea/releases/tag/v1.23.0ghsaWEB
blog.gitea.com/release-of-1.23.0/mitre

News mentions

0

No linked articles in our index yet.