Sign in Get started

← All advisories

Moderate severityOSV Advisory· Published Dec 26, 2025· Updated Dec 26, 2025

CVE-2025-68941

CVE-2025-68941

Description

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
code.gitea.io/giteaGo	< 1.22.3	1.22.3

Affected products

1

Go Gitea/GiteaOSV
Range: v0.9.99, v1.0.0, v1.1.0, …

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

github.com/advisories/GHSA-xfq3-qj7j-4565ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-68941ghsaADVISORY
blog.gitea.com/release-of-1.22.3ghsaWEB
github.com/go-gitea/gitea/pull/32218ghsaWEB
github.com/go-gitea/gitea/releases/tag/v1.22.3ghsaWEB
blog.gitea.com/release-of-1.22.3/mitre

News mentions

0

No linked articles in our index yet.