CVE Catalog

CVE-2026-25718

Low risk · EPSS 7th percentile

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

Gitea before version 1.25.5 contains a vulnerability in path resolution during template repository generation: template processing can read or write through symlinked or otherwise non-regular paths.

Risk Assessment

An attacker could exploit this vulnerability to read or write files outside the intended directory, potentially leading to disclosure of sensitive data or modification of critical system files.

Recommendation

Upgrade Gitea to version 1.25.5 or later, which includes a fix for this issue.

Original NVD description (English source)

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS