What the vulnerability does
01Description
Gitea before 1.25.2 mishandles authorization for deletion of releases.
CVSS base score
4.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Key dates
02Disclosure timeline
December 26, 2025
CVE published
December 26, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2021-24783 Post Expirator < 2.6.0 - Contributor+ Arbitrary Post Schedule Deletion
CVE-2026-53809 OpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy
CVE-2022-22307 IBM Security Guardium privilege escalation
CVE-2026-48152 Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
CVE-2022-1706
