CVE-2025-68941

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.22.3

Description Gitea improperly manages access controls, potentially allowing unauthorized access to private resources when an API token with limited scope is used. Specifically, the issue arises when an API token is granted access only to public resources, but is then used to access private resources. The API token's scope is not correctly enforced, leading to potential information disclosure.

Recommendations Update to Gitea version 1.22.3 or later.

Fix

LPE

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BIT-GITEA-2025-68941

CVE-2025-68941

GHSA-XFQ3-QJ7J-4565

GO-2025-4268

SUSE-SU-2026:0037-1

Affected Products

Gitea

Red Os

CVE-2025-68941

Weakness Enumeration

Related Identifiers

Affected Products

References · 90