CVE-2026-25718
Exploitation Probability (EPSS): Low risk, EPSS 7%
7th percentile: higher than 7% of all known CVEs
Summary
A vulnerability in Gitea before version 1.25.5 mishandles path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths.
Risk Assessment
An attacker could exploit this vulnerability to read or write files outside the intended directory, potentially leading to disclosure of sensitive data or modification of critical system files.
Recommendation
Upgrade Gitea to version 1.25.5 or later, which includes a fix for this issue.
Original NVD description (English source)
Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths.
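The class of check the description points at, as an added example (not Gitea's code and not the 1.25.5 patch): before expanding a template tree, walk it without following links and accept only regular files. The names classify and demo, and the file names in the constructed tree, are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// classify walks root without following symlinks and separates regular files
// (safe to expand) from everything else (symlinks, FIFOs, sockets, devices).
func classify(root string) (safe, rejected []string, err error) {
	err = filepath.WalkDir(root, func(p string, d fs.DirEntry, werr error) error {
		if werr != nil || d.IsDir() {
			return werr
		}
		rel, _ := filepath.Rel(root, p)
		// d.Type() describes the entry itself (lstat semantics), not a link's target.
		if d.Type().IsRegular() {
			safe = append(safe, rel)
		} else {
			rejected = append(rejected, rel)
		}
		return nil
	})
	return safe, rejected, err
}

// demo builds a constructed tree (one regular file plus a symlink that points
// at a file outside the tree) and classifies it.
func demo() (safe, rejected []string, err error) {
	base, err := os.MkdirTemp("", "tmpl-demo-")
	if err != nil {
		return nil, nil, err
	}
	defer os.RemoveAll(base)
	tree := filepath.Join(base, "template")
	outside := filepath.Join(base, "outside.txt")
	os.Mkdir(tree, 0o755)
	os.WriteFile(outside, []byte("not part of the template\n"), 0o600)
	os.WriteFile(filepath.Join(tree, "README.md"), []byte("# demo\n"), 0o644)
	if err = os.Symlink(outside, filepath.Join(tree, "notes.txt")); err != nil {
		return nil, nil, err
	}
	return classify(tree)
}

func main() { fmt.Println(demo()) }
```

A walk-time check like this only describes the tree at the moment it is walked; the code that later opens each accepted path still has to avoid following links itself.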

