CVE-2025-68943: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order

December 26, 2025

Gitea before 1.21.8 inadvertently discloses users’ login times by allowing (for example) the lastlogintime explore/users sort order.

References

blog.gitea.com/release-of-1.21.8-and-1.21.9-and-1.21.10
github.com/advisories/GHSA-jhx5-4vr4-f327
github.com/go-gitea/gitea
github.com/go-gitea/gitea/pull/29430
github.com/go-gitea/gitea/releases/tag/v1.21.8
nvd.nist.gov/vuln/detail/CVE-2025-68943

Code Behaviors & Features

Detect and mitigate CVE-2025-68943 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →