PT-2025-53436 · Gitea+1

Published 2025-12-26 · Updated 2026-02-24 · CVE-2025-68939

CVSS v3.1 8.2 High

Vector AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Gitea versions prior to 1.23.0

Description

A flaw allows attackers to add attachments with file extensions that are normally prohibited. The attacker modifies the attachment name through the attachment API, manipulating the filename parameter to bypass the file extension restrictions.

Recommendations

Update to version 1.23.0 or later.
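
The weakness class described above, as an added example that is not Gitea's code: an extension policy enforced when an attachment is created but not when its name is edited, next to an edit path that re-applies the same check. All type and function names and the allow-list are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// allowedExts is a constructed allow-list standing in for the server's
// configured attachment types (an assumption of this example).
var allowedExts = map[string]bool{".png": true, ".jpg": true, ".txt": true, ".pdf": true}

var ErrExtNotAllowed = errors.New("attachment extension not allowed")

// checkName is the single policy check. Every code path that sets a name calls it.
func checkName(name string) error {
	ext := strings.ToLower(path.Ext(strings.TrimSpace(name)))
	if !allowedExts[ext] { // also rejects "" (no extension) and "." (trailing dot)
		return fmt.Errorf("%w: %q", ErrExtNotAllowed, name)
	}
	return nil
}

type Attachment struct{ Name string }

// Upload validates the name when the attachment is created.
func Upload(name string) (*Attachment, error) {
	if err := checkName(name); err != nil {
		return nil, err
	}
	return &Attachment{Name: name}, nil
}

// RenameUnchecked models the flaw: the edit path trusts the new name.
func RenameUnchecked(a *Attachment, newName string) { a.Name = newName }

// RenameChecked re-applies the upload policy before changing the stored name.
func RenameChecked(a *Attachment, newName string) error {
	if err := checkName(newName); err != nil {
		return err
	}
	a.Name = newName
	return nil
}

func main() {
	a, _ := Upload("report.pdf")
	RenameUnchecked(a, "report.html")
	b, _ := Upload("report.pdf")
	fmt.Println(a.Name, b.Name, RenameChecked(b, "report.html"))
}
```
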

Fix

Weakness Enumeration

Related Identifiers

BIT-GITEA-2025-68939
CVE-2025-68939
GHSA-263Q-5CV3-XQ9G
GO-2025-4261
SUSE-SU-2026:0037-1

Affected Products

Gitea
Red Os