CVE-2025-68939
HIGHDescription
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
Is your site exposed to CVE-2025-68939?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gitea | gitea |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-68939? +
How severe is CVE-2025-68939? +
What products are affected by CVE-2025-68939? +
How do I check if I'm vulnerable to CVE-2025-68939? +
Related Vulnerabilities
A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access …
Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, …
An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to …
An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access …
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside …
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on …