CVE-2025-68940
Severity: MEDIUM | WAF: Low
CVSS 5.3
Published: 2025-12-26
CWE-863
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| gitea | gitea | before 1.22.5 |
References
- blog.gitea.com (Release Notes)
- github.com (Issue Tracking, Patch)
- github.com (Release Notes)