Back to Explorer

CVE-2025-69413

PUBLISHED
1/1/2026 8254265b-2729-46b6-b9e3-3dfca2d5bfca

Technical Description

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.

Affected Products

Gitea
Gitea
0

References

https://blog.gitea.com/release-of-1.25.2/
External Link
https://github.com/go-gitea/gitea/releases/tag/v1.25.2
External Link
https://github.com/go-gitea/gitea/issues/35984
External Link
https://github.com/go-gitea/gitea/pull/36002
External Link
5.3 CVSS v3.1
MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact Analysis

Attack Vector Network
Attack Complexity Low
Privileges Required None