CVE Catalog

CVE-2026-25712

Low risk · EPSS 5%

Exploitation Probability (EPSS)

Low risk: 0.16% (5th percentile, higher than 5% of all known CVEs)

Summary

In Gitea versions before 1.25.5, insufficient visibility checks in organization permission APIs allow disclosure of hidden members and private organizations.

Risk Assessment

The risk is unauthorized disclosure of information about hidden members and private organizations, which can compromise data confidentiality and organizational security policies.

Recommendation

Upgrade Gitea to version 1.25.5 or later immediately; that release includes fixes for these vulnerabilities.

Original NVD description (English source)

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS