Moderate severityOSV Advisory· Published Dec 26, 2025· Updated Dec 26, 2025
CVE-2025-68943
CVE-2025-68943
Description
Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
code.gitea.io/giteaGo | < 1.21.8 | 1.21.8 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-jhx5-4vr4-f327ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-68943ghsaADVISORY
- blog.gitea.com/release-of-1.21.8-and-1.21.9-and-1.21.10ghsaWEB
- github.com/go-gitea/gitea/pull/29430ghsaWEB
- github.com/go-gitea/gitea/releases/tag/v1.21.8ghsaWEB
- blog.gitea.com/release-of-1.21.8-and-1.21.9-and-1.21.10/mitre
News mentions
0No linked articles in our index yet.