CVE-2025-68946
Cross-Site Scripting in Gitea Links via Forbidden URL Scheme

Publication date: 2025-12-26

Last updated on: 2025-12-26

Assigner: MITRE

Description
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.
Meta Information
Published: 2025-12-26
Last Modified: 2025-12-26
Generated: 2026-05-07
AI Q&A: 2025-12-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor   Product   Version / Range
gitea    gitea     1.20.1
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Gitea versions before 1.20.1 allows the use of forbidden URL schemes such as 'javascript:' in links. These dangerous URL schemes can be exploited to execute arbitrary code on a user's computer when they click on a malicious link, leading to a cross-site scripting (XSS) attack. The issue arises because the application did not properly restrict these URL schemes, allowing attackers to inject harmful scripts via links. [1, 2]


How can this vulnerability impact me?

The vulnerability can impact you by enabling attackers to execute arbitrary code on your computer through malicious links containing dangerous URL schemes like 'javascript:'. This can lead to security risks such as unauthorized access, data leakage, or other malicious activities triggered by clicking on crafted links within the Gitea application. It poses a significant security risk especially when interacting with untrusted sources. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking if your Gitea instance is running a version prior to 1.20.1, as versions before this allow dangerous URL schemes such as 'javascript:' in links. To identify potentially malicious links, you could search the database or exported data for URLs starting with 'javascript:', 'vbscript:', or 'data:' schemes. For example, if you have access to the Gitea database, you might run SQL queries to find such URLs in issues, comments, or wiki pages. Additionally, monitoring HTTP traffic for suspicious URL schemes in links served by Gitea could help detect exploitation attempts. Specific commands depend on your environment, but a sample grep command on exported data or logs could be: grep -rE "href=[\"'](javascript:|vbscript:|data:)" /path/to/gitea/data. However, no explicit detection commands are provided in the resources. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade your Gitea installation to version 1.20.1 or later, where this vulnerability is fixed by disallowing dangerous URL schemes such as 'javascript:', 'vbscript:', and 'data:' (except for data URI images). This update prevents execution of arbitrary code via malicious links. Applying this update is critical to secure your system. Additionally, review and sanitize any existing content that may contain dangerous URL schemes to prevent exploitation until the upgrade is applied. [1, 2, 3]
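As an added example (not Gitea's own code, and not taken from the resources this page cites), the following Python script implements both the detection approach and the allowlist rule described in the two answers above: it scans exported Markdown or rendered HTML for link targets whose scheme is javascript:, vbscript:, or data: (allowing data: only as an inline image source), normalizes the scheme the way a browser would before comparing, and can rewrite offending targets to '#' as a stop-gap until the upgrade is applied. The sample content, the regular expressions, and the function names are constructed for this example; the matchers are deliberately simplified and do not cover every Markdown or HTML form.

```python
import re

# Policy mirrored from the mitigation text above: javascript: and vbscript: are
# never allowed; data: is only allowed as the source of an inline image.
FORBIDDEN_SCHEMES = {"javascript", "vbscript"}
IMAGE_DATA_PREFIX = "data:image/"

# Simplified matchers (constructed for this example): Markdown links/images
# "[text](url)" / "![alt](url)" with one level of nested parentheses, and
# quoted href=/src= attributes on HTML tags.
MD_LINK_RE = re.compile(r"(!?)\[[^\]]*\]\(\s*([^()\s]*(?:\([^()]*\)[^()\s]*)*)")
HTML_ATTR_RE = re.compile(
    r"<\s*([a-zA-Z][a-zA-Z0-9]*)[^>]*?\b(href|src)\s*=\s*[\"']([^\"']*)[\"']",
    re.IGNORECASE,
)

# C0 control characters and space, which browsers strip from the start of a URL.
_LEADING_JUNK = "".join(chr(c) for c in range(0x21))


def normalize(url: str) -> str:
    """Apply the URL pre-processing that matters for scheme checks: drop ASCII
    tab/newline anywhere and leading controls/whitespace, so that 'java\\tscript:'
    and ' JAVASCRIPT:' are both recognised as the javascript scheme."""
    return re.sub(r"[\t\n\r]", "", url).lstrip(_LEADING_JUNK)


def url_scheme(url: str) -> str:
    """Return the lower-cased scheme, or '' for relative/scheme-less URLs."""
    m = re.match(r"([a-z][a-z0-9+.\-]*):", normalize(url).lower())
    return m.group(1) if m else ""


def is_forbidden(url: str, is_image: bool) -> bool:
    scheme = url_scheme(url)
    if scheme in FORBIDDEN_SCHEMES:
        return True
    if scheme == "data":
        # data: links are rejected; data: images are kept only when the
        # payload declares an image media type.
        return not (is_image and normalize(url).lower().startswith(IMAGE_DATA_PREFIX))
    return False


def find_forbidden_links(content: str) -> list:
    """Return (kind, url) pairs for every link target that violates the policy."""
    findings = []
    for m in MD_LINK_RE.finditer(content):
        if is_forbidden(m.group(2), is_image=(m.group(1) == "!")):
            findings.append(("markdown", m.group(2)))
    for m in HTML_ATTR_RE.finditer(content):
        tag, attr, url = m.group(1).lower(), m.group(2).lower(), m.group(3)
        if is_forbidden(url, is_image=(tag == "img" and attr == "src")):
            findings.append(("html", url))
    return findings


def neutralize(content: str) -> str:
    """Rewrite forbidden targets to '#' so the surrounding text is preserved
    while the dangerous scheme is removed (a stop-gap until the upgrade)."""
    def md_fix(m):
        url = m.group(2)
        if is_forbidden(url, is_image=(m.group(1) == "!")):
            return m.group(0).replace(url, "#", 1)
        return m.group(0)

    def html_fix(m):
        url = m.group(3)
        is_image = m.group(1).lower() == "img" and m.group(2).lower() == "src"
        if is_forbidden(url, is_image=is_image):
            return m.group(0).replace(url, "#", 1)
        return m.group(0)

    return HTML_ATTR_RE.sub(html_fix, MD_LINK_RE.sub(md_fix, content))


# Constructed sample resembling exported issue/comment content.
SAMPLE = """\
Release notes [here](https://example.org/notes) and ![logo](data:image/png;base64,iVBORw0KGgo=)
Click [me](javascript:alert(1)) or [me too]( JavaScript:void(0))
<a href="vbscript:MsgBox(1)">legacy link</a>
<a href="data:text/html;base64,PHNjcmlwdD4=">data link</a>
<img src="data:image/gif;base64,R0lGODlh">
Relative [link](/user/repo) and [mail](mailto:admin@example.org)
"""

if __name__ == "__main__":
    for kind, url in find_forbidden_links(SAMPLE):
        print(f"{kind}: forbidden target {url!r}")
    print("after neutralize, remaining findings:", find_forbidden_links(neutralize(SAMPLE)))
```

Running the script against a directory of exported Markdown (for example, issue and comment bodies dumped from the database) gives a list of the exact targets to review; the scheme normalization step matters because a check that only compares the literal prefix 'javascript:' misses mixed-case schemes and embedded tab or newline characters that browsers silently discard.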


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows execution of arbitrary code via dangerous URL schemes, it could potentially lead to unauthorized access or leakage of user information, which may affect compliance with data protection regulations. The fix prevents such exploitation by disallowing dangerous URL schemes, thereby improving security posture. Still, no direct mention of compliance impact is given. [1, 2]

