CVE-2025-68944
MEDIUMDescription
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
Is your site exposed to CVE-2025-68944?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| gitea | gitea |
References
Frequently Asked Questions
What is CVE-2025-68944? +
How severe is CVE-2025-68944? +
What products are affected by CVE-2025-68944? +
How do I check if I'm vulnerable to CVE-2025-68944? +
Related Vulnerabilities
An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform …
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface …
Conduit is a chat server powered by Matrix. A vulnerability that affects a number of Conduit-derived homeservers allows a remote, …
Multiple input validation vulnerabilities in the Snowflake Spark Connector (spark-snowflake) versions prior to 3.2.1 can allow attackers to exfiltrate OAuth …
Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting …
Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST …