CVE-2025-68938
MEDIUM
CVSS 4.3
No EPSS data
Description
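Gitea before 1.25.2 mishandles authorization for deletion of releases (CWE-863, Incorrect Authorization). The record below carries two CVSS 3.1 scores that differ only in the privileges-required metric: 4.3 from cve@mitre.org (PR:L) and 5.3 from nvd@nist.gov (PR:N). Both rate the impact as low availability with no confidentiality or integrity impact. The affected range is every version before 1.25.2, so triage should treat any instance below that version as exposed until it is upgraded to 1.25.2 or later.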
CVSS details
EPSS
This CVE is not currently listed in the EPSS dataset.
{
"cve": {
"id": "CVE-2025-68938",
"cveTags": [],
"metrics": {
"cvssMetricV31": [
{
"type": "Secondary",
"source": "cve@mitre.org",
"cvssData": {
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 4.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "LOW",
"confidentialityImpact": "NONE"
},
"impactScore": 1.4,
"exploitabilityScore": 2.8
},
{
"type": "Primary",
"source": "nvd@nist.gov",
"cvssData": {
"scope": "UNCHANGED",
"version": "3.1",
"baseScore": 5.3,
"attackVector": "NETWORK",
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"integrityImpact": "NONE",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"privilegesRequired": "NONE",
"confidentialityImpact": "NONE"
},
"impactScore": 1.4,
"exploitabilityScore": 3.9
}
]
},
"published": "2025-12-26T02:15:42.870",
"references": [
{
"url": "https://blog.gitea.com/release-of-1.25.2/",
"tags": [
"Release Notes"
],
"source": "cve@mitre.org"
},
{
"url": "https://github.com/go-gitea/gitea/pull/36002/commits/d4262131b39899d9e9ee5caa2635c810d476e43f#diff-8962bac89952027d50fa51f31f59d65bedb4c02bde0265eced5cf256cbed306d",
"tags": [
"Patch"
],
"source": "cve@mitre.org"
},
{
"url": "https://github.com/go-gitea/gitea/releases/tag/v1.25.2",
"tags": [
"Release Notes"
],
"source": "cve@mitre.org"
}
],
"vulnStatus": "Analyzed",
"weaknesses": [
{
"type": "Secondary",
"source": "cve@mitre.org",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gitea before 1.25.2 mishandles authorization for deletion of releases."
}
],
"lastModified": "2026-01-02T19:36:14.703",
"configurations": [
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A45E0EE-B51F-48AE-9B89-EB27065D777B",
"versionEndExcluding": "1.25.2"
}
],
"operator": "OR"
}
]
}
],
"sourceIdentifier": "cve@mitre.org"
}
}