CVE-2025-68945 MEDIUM

CVE-2025-68945

Vendor Gitea

Product Gitea

Weakness CWE-359

Published December 26, 2025

Last update December 26, 2025

View on NVD All CVEs

CVSS base score

5.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

In Gitea before 1.21.2, an anonymous user can visit a private user's project.

Key dates

02Disclosure timeline

December 26, 2025 CVE published

December 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-68945 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/359.html

Related vulnerabilities

04Related CVE

CVE-2025-62362 Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal CVE-2022-0482 Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments CVE-2024-13953 Sensitive Information disclosed in log files CVE-2025-54125 XWiki Platform: Password and email exposure in xml.vm fields CVE-2025-49715 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability