CVE Catalog
CVE-2026-25779
Risk: Low · EPSS exploitation probability 0.17% (6th percentile: higher than 6% of all known CVEs)
Summary
A vulnerability in Gitea up to and including version 1.25.4 allows its redirect validation to be bypassed by using raw or percent-encoded backslashes in the redirect_to parameter.
Risk Assessment
An attacker can exploit this flaw to redirect users to malicious sites, potentially leading to session theft or credential phishing.
Recommendation
Immediately upgrade Gitea to version 1.25.5 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirect_to values.