CVE-2025-68939

CVE-2025-68939

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

Published Dec 27, 2025

CVSS ScoreMedium

5.3

CVE-2025-68939

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

Published Dec 27, 2025

CVSS ScoreMedium

5.3

CVE ID: CVE-2025-68939
CWE: CWE-424
CVE Description: Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
Published: Dec 27, 2025
CVSS Score & Severity: 5.3Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score: 0.013%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://github.com/advisories/GHSA-263q-5cv3-xq9gTHIRD_PARTY

CVE ID: CVE-2025-68939
CWE: CWE-424
CVE Description: Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
Published: Dec 27, 2025
CVSS Score & Severity: 5.3Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score: 0.013%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://github.com/advisories/GHSA-263q-5cv3-xq9gTHIRD_PARTY

Find vulnerabilities. Fix fast with AI.