Sign in Get started

← All advisories

Low severityOSV Advisory· Published Dec 26, 2025· Updated Dec 26, 2025

CVE-2025-68940

CVE-2025-68940

Description

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
code.gitea.io/giteaGo	< 1.22.5	1.22.5

Affected products

1

Go Gitea/GiteaOSV
Range: v0.9.99, v1.0.0, v1.1.0, …

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

github.com/advisories/GHSA-rrcw-5rjv-vj26ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-68940ghsaADVISORY
blog.gitea.com/release-of-1.22.5ghsaWEB
github.com/go-gitea/gitea/pull/32654ghsaWEB
github.com/go-gitea/gitea/releases/tag/v1.22.5ghsaWEB
blog.gitea.com/release-of-1.22.5/mitre

News mentions

0

No linked articles in our index yet.