← Back to CVEs
CVE-2025-68939
HIGH8.2
Description
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
CVE Details
CVSS v3.1 Score8.2
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionREQUIRED
Published12/26/2025
Last Modified1/2/2026
Sourcenvd
Honeypot Sightings0
Affected Products
gitea:gitea
Weaknesses (CWE)
CWE-424
References
https://blog.gitea.com/release-of-1.23.0/(cve@mitre.org)
https://github.com/go-gitea/gitea/pull/32151(cve@mitre.org)
https://github.com/go-gitea/gitea/releases/tag/v1.23.0(cve@mitre.org)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.