CVE-2025-68938
Authorization Bypass in Gitea Releases Deletion Before
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitea | gitea | 1.25.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68938 is a security vulnerability in Gitea versions before 1.25.2 where the software mishandles authorization for deleting releases. This means that the permission checks controlling who can delete releases were flawed, potentially allowing unauthorized users to delete release tags or content. The fix involved correcting permission checks to ensure only properly authorized users can perform deletion actions, along with other related permission and authentication improvements. [2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized users to delete releases in your Gitea repository, which could lead to loss of important release data or disruption of your software distribution. Although it does not affect confidentiality or integrity of the code directly, it can cause availability issues by removing release artifacts. Additionally, improper authorization could lead to privilege escalation or unauthorized actions within your repository management. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves verifying if your Gitea instance is running a version prior to 1.25.2, as those versions mishandle authorization for deletion of releases. You can check the Gitea version by running the command `gitea --version` on the server hosting Gitea. Additionally, monitoring API calls related to release deletion for unauthorized attempts or unexpected HTTP 200 responses when unauthorized users attempt deletions may help detect exploitation attempts. However, no specific detection commands or signatures are provided in the available resources. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade your Gitea instance to version 1.25.2 or later, which includes fixes for CVE-2025-68938. This update corrects permission validations for deleting releases and other related security improvements. If upgrading immediately is not possible, restrict access to the release deletion functionality to trusted users only and monitor logs for suspicious activity. Applying the official patch or update from the Gitea project is strongly recommended to ensure proper authorization handling. [1, 2, 3]