CVE Catalog
CVE-2026-25712
Exploitation Probability (EPSS): 0.16% (low risk)
5th percentile: higher than 5% of all known CVEs
Summary
In Gitea versions before 1.25.5, insufficient visibility checks in organization permission APIs allow disclosure of hidden members and private organizations.
Risk Assessment
The risk involves unauthorized access to information about hidden members and private organizations, potentially compromising data confidentiality and organizational security policies.
Recommendation
It is recommended to immediately upgrade Gitea to version 1.25.5 or later, which includes fixes for these vulnerabilities.
Original NVD description (English source)
Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations.

