Gitea Vulnerabilities Allow Bypass, Data Manipulation, Disclosure
Summary
CERT-Bund has issued a security advisory for Gitea, detailing multiple vulnerabilities with a CVSS base score of 7.3. These vulnerabilities can allow attackers to bypass security measures, manipulate data, and disclose confidential information. Users are advised to update to Gitea version 1.25.5 or later.
What changed
CERT-Bund has released a security advisory (WID-SEC-2026-0737) concerning multiple vulnerabilities in Gitea, a popular open-source GitHub clone. The vulnerabilities, rated with a high CVSS base score of 7.3, allow remote attackers to bypass security controls, manipulate data, disclose confidential information, and potentially cause denial-of-service conditions. The advisory covers Gitea versions prior to 1.25.5 on Linux, UNIX, Windows, and other operating systems.
Organizations utilizing Gitea should immediately update their instances to version 1.25.5 or a later release to mitigate these risks. Failure to apply the update could expose systems to data breaches, manipulation, and other security compromises. While no specific compliance deadline is mentioned, prompt patching is critical for maintaining data integrity and security.
What to do next
- Update Gitea instances to version 1.25.5 or later.
- Review system logs for any signs of exploitation.
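A practical first step before patching is to find out which instances are still below the fixed release. The following added example (not part of the CERT-Bund advisory or of the Gitea project) compares the version string that a Gitea instance reports against 1.25.5. It assumes the version is read from Gitea's `GET /api/v1/version` endpoint, which returns a JSON object with a `version` field; the inventory of instances and their responses below are constructed sample data. Pre-release builds such as `1.25.5-rc1` are treated as older than the final release, and `+dev` build metadata is ignored for the comparison.

```python
import json
import re

# Fixed release named in advisory WID-SEC-2026-0737.
FIXED_VERSION = "1.25.5"

# major.minor.patch, optional "-prerelease", optional "+build" metadata.
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$"
)


def parse_version(text):
    """Split a Gitea version string into (major, minor, patch, prerelease)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor, patch, m.group(4))  # prerelease is None for a final build


def version_key(parsed):
    """Sort key: a pre-release of X.Y.Z orders before the final X.Y.Z."""
    major, minor, patch, pre = parsed
    return (major, minor, patch, 0 if pre else 1, pre or "")


def is_affected(reported):
    """True when the reported version is older than the fixed release."""
    return version_key(parse_version(reported)) < version_key(parse_version(FIXED_VERSION))


def assess_instance(name, version_json):
    """Evaluate one instance from the body returned by GET /api/v1/version (assumed shape)."""
    version = json.loads(version_json)["version"]
    return {"instance": name, "version": version, "affected": is_affected(version)}


# Constructed sample inventory: instance name -> captured /api/v1/version body.
SAMPLE_INVENTORY = {
    "git-prod": '{"version": "1.25.4"}',
    "git-staging": '{"version": "1.25.5"}',
    "git-dev": '{"version": "1.26.0+dev-123-gabcdef0"}',
    "git-rc": '{"version": "1.25.5-rc1"}',
}


def assess_inventory(inventory=SAMPLE_INVENTORY):
    """Return the assessment for every instance, affected ones first."""
    results = [assess_instance(name, body) for name, body in inventory.items()]
    return sorted(results, key=lambda r: (not r["affected"], r["instance"]))


if __name__ == "__main__":
    for r in assess_inventory():
        status = "UPDATE REQUIRED" if r["affected"] else "ok"
        print(f"{r['instance']:<12} {r['version']:<26} {status}")
```

In a real deployment the JSON bodies would come from an authenticated request to each instance; the comparison logic is independent of how they are collected.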
Source document (simplified)
[WID-SEC-2026-0737] Gitea: Multiple vulnerabilities
- CVSS Base Score: 7.3 (high)
- CVSS Temporal Score: 6.4 (medium)
- Remote attack: yes
- Date: 16.03.2026
- Last updated: 17.03.2026
- Mitigation available: yes
Affected systems
Operating system
- Linux
- Other
- UNIX
- Windows
Product description
Gitea is an open-source GitHub clone.
Products
16.03.2026
- Open Source Gitea <1.25.5
Attack
An attacker can exploit multiple vulnerabilities in Gitea to bypass security measures, manipulate data, disclose confidential information, trigger a denial-of-service condition, or carry out other, unspecified attacks.