CVE-2025-68945
Published 2025-12-26
CVE-2025-68945: In Gitea before 1.21.2, an anonymous user can visit a private user's project.
Priority: P4 (29) · Severity: medium, CVSS 3.1 base score 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.33% (24.5th percentile)
In Gitea before 1.21.2, an anonymous user can visit a private user's project.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code.gitea.io | gitea | >= 0 < 1.21.2 | 1.21.2 |
| gitea | gitea | < 1.21.2 | 1.21.2 |
CVSS provenance
NVD (CVSS v3.1): 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Red Hat (vendor): 5.8 MEDIUM
OSV · 2025-12-30
CVE-2025-68945 Gitea: anonymous user can visit private user's project in code.gitea.io/gitea
OSV · 2025-12-26
CVE-2025-68945 [MEDIUM] Gitea: anonymous user can visit private user's project
In Gitea before 1.21.2, an anonymous user can visit a private user's project.
GHSA · 2025-12-26
CVE-2025-68945 [MEDIUM] CWE-359 Gitea: anonymous user can visit private user's project
In Gitea before 1.21.2, an anonymous user can visit a private user's project.
Red Hat · 2025-12-26 · CVSS 5.8
CVE-2025-68945 [MEDIUM] CWE-359 gitea: Gitea: Information disclosure via anonymous access to private user projects
In Gitea before 1.21.2, an anonymous user can visit a private user's project.
A flaw was found in Gitea. An anonymous user can exploit this vulnerability by visiting a private user's project, leading to unauthorized information disclosure. This allows an attacker to view details of projects that should remain private.
Statement: This vulnerability is rated Moderate. In the Red Hat context, impact is limited as the vulnerable code is not present in Red Hat OpenShift Pipelines components.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread install
No detection rules found.
No public exploits indexed.
Published: 2025-12-26