CVE-2025-68941
Severity: MEDIUM
WAF: Low
CVSS 5.3
Published: 2025-12-26
CWE-863
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| gitea | gitea | before 1.22.3 |
References
- blog.gitea.com (Release Notes)
- github.com (Issue Tracking, Patch)
- github.com (Release Notes)