CVE-2025-6894526.12.2025, 04:15In Gitea before 1.21.2, an anonymous user can visit a private user's project.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST5.8 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NmitreCNA5.8 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NCISA-ADPADP------Base ScoreCVSS 3.xEPSS ScorePercentile: UnknownCommon Weakness EnumerationCWE-359 - Exposure of Private Personal Information to an Unauthorized ActorThe product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.Referenceshttps://blog.gitea.com/release-of-1.21.2/https://github.com/go-gitea/gitea/pull/28423https://github.com/go-gitea/gitea/releases/tag/v1.21.2