CVE-2025-68938
Published 2025-12-26. CVE-2025-68938: Gitea before 1.25.2 mishandles authorization for deletion of releases.
Priority P4 28 · medium · CVSS 3.1 base score 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS: 0.35% (26.8th percentile)
Gitea before 1.25.2 mishandles authorization for deletion of releases.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code.gitea.io | gitea | >= 0 < 1.25.2 | 1.25.2 |
| gitea | gitea | < 1.25.2 | 1.25.2 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| vendor_redhat | 4.3 | MEDIUM | |
OSV (osv · 2025-12-30)
CVE-2025-68938: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea
GHSA (ghsa · 2025-12-26)
CVE-2025-68938 [MEDIUM] CWE-863: Gitea mishandles authorization for deletion of releases
Gitea before 1.25.2 mishandles authorization for deletion of releases.
OSV (osv · 2025-12-26)
CVE-2025-68938 [MEDIUM]: Gitea mishandles authorization for deletion of releases
Gitea before 1.25.2 mishandles authorization for deletion of releases.
Red Hat (vendor_redhat · 2025-12-26 · CVSS 4.3)
CVE-2025-68938 [MEDIUM] CWE-863: gitea: incorrect authorization for deletion of releases
Gitea before 1.25.2 mishandles authorization for deletion of releases.
A flaw was found in Gitea. An incorrect authorization allows an authenticated user with minimal privileges to delete project releases, causing a loss of availability of project assets and distribution history.
Statement: This issue will only cause the deletion of project assets and distribution history with no other security impact, such as memory corruption or arbitrary code execution. Additionally, exploitation requires an authenticated account with minimal privileges, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with a moderate severity.
Mitigation: Mitigation for this issue is either not available or the curre
No detection rules found.
No public exploits indexed.
Published: 2025-12-26