CVE-2025-68941: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources

December 26, 2025

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.

References

blog.gitea.com/release-of-1.22.3
github.com/advisories/GHSA-xfq3-qj7j-4565
github.com/go-gitea/gitea
github.com/go-gitea/gitea/pull/32218
github.com/go-gitea/gitea/releases/tag/v1.22.3
nvd.nist.gov/vuln/detail/CVE-2025-68941

Code Behaviors & Features

Detect and mitigate CVE-2025-68941 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →