CVE-2025-68945: Gitea: anonymous user can visit private user's project

December 26, 2025

In Gitea before 1.21.2, an anonymous user can visit a private user’s project.

References

blog.gitea.com/release-of-1.21.2
github.com/advisories/GHSA-7xq4-mwcp-q8fx
github.com/go-gitea/gitea
github.com/go-gitea/gitea/pull/28423
github.com/go-gitea/gitea/releases/tag/v1.21.2
nvd.nist.gov/vuln/detail/CVE-2025-68945

Code Behaviors & Features

Detect and mitigate CVE-2025-68945 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →