CVE-2025-68939 HIGH

Vendor Gitea
Product Gitea
Weakness CWE-424
Published December 26, 2025
Last update December 26, 2025

CVSS base score

8.2/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L

What the vulnerability does

01 Description

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

Key dates

02 Disclosure timeline

December 26, 2025 CVE published
December 26, 2025 Record updated