Moderate severityOSV Advisory· Published Dec 26, 2025· Updated Dec 26, 2025
CVE-2025-68941
CVE-2025-68941
Description
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
code.gitea.io/giteaGo | < 1.22.3 | 1.22.3 |
Affected products
4- osv-coords3 versionspkg:bitnami/giteapkg:golang/code.gitea.io/giteapkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
< 1.22.3+ 2 more
- (no CPE)range: < 1.22.3
- (no CPE)range: < 1.22.3
- (no CPE)range: < 0.0.20251230T014957-150000.1.134.1
Patches
Vulnerability mechanics
References
6News mentions
1- Gitea: Ten CVEs Disclosed Together, Seven High-Severity Token-Scope and Auth Bypass FlawsVypr Intelligence · Jun 17, 2026