Access Control Flaw in Gitea Affects Privileged Resource Management
CVE-2025-68941

4.9MEDIUM

Key Information:

Vendor: Gitea
Status: Gitea
Vendor: CVE Published:; 26 December 2025

What is CVE-2025-68941?

Gitea, a popular self-hosted Git service, has a vulnerability that arises from improper handling of access rights. Specifically, when an API token with limited scope to public resources is used, it inadvertently grants access to private resources. This flaw can potentially allow unauthorized users to manipulate or gain insights into private data, compromising the integrity of the application. It is essential for users to update to version 1.22.3 or later to mitigate this risk and ensure secure access management.

Affected Version(s)

Gitea 0 < 1.22.3

References

https://blog.gitea.com/release-of-1.22.3/

https://github.com/go-gitea/gitea/releases/tag/v1.22.3

https://github.com/go-gitea/gitea/pull/32218

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2025
Vulnerability Reserved
Dec 26, 2025

JSON