PT-2026-1000 · Gitea

Published 2026-01-01 · Updated 2026-01-29 · CVE-2025-69413

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Gitea versions prior to 1.25.2

Description

In Gitea versions before 1.25.2, the /api/v1/user endpoint returns different responses to failed authentication depending on whether the supplied username exists in the system. A remote, unauthenticated client can use that difference to tell valid usernames from invalid ones.

Recommendations

Update Gitea to version 1.25.2 or later.

Fix

Weakness Enumeration

Related Identifiers

BDU:2026-03394
BIT-GITEA-2025-69413
CVE-2025-69413
GHSA-PC73-RJ2C-WVF9
GO-2026-4274
SUSE-SU-2026:0142-1

Affected Products

Gitea
Red Os