CVE-2025-68944: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries

December 26, 2025

Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.

References

blog.gitea.com/release-of-1.22.2
github.com/advisories/GHSA-f85h-c7m6-cfpm
github.com/go-gitea/gitea
github.com/go-gitea/gitea/pull/31967
github.com/go-gitea/gitea/releases/tag/v1.22.2
nvd.nist.gov/vuln/detail/CVE-2025-68944

Code Behaviors & Features

Detect and mitigate CVE-2025-68944 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →