CVE-2025-68938

EUVD-2025-205406
Gitea before 1.25.2 mishandles authorization for deletion of releases.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
mitreCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
giteagitea
𝑥
< 1.25.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.gitea.com/release-of-1.25.2/
https://github.com/go-gitea/gitea/pull/36002/commits/d4262131b39899d9e9ee5caa2635c810d476e43f#diff-8962bac89952027d50fa51f31f59d65bedb4c02bde0265eced5cf256cbed306d
https://github.com/go-gitea/gitea/releases/tag/v1.25.2