CVE Catalog
CVE-2026-25782
Exploitation Probability (EPSS)
Low risk: 0.16% (5th percentile, higher than 5% of all known CVEs)
Summary
A vulnerability in Gitea before version 1.25.5 allows deletion of tracked-time entries belonging to another issue, because the lookup by time ID is not scoped to the issue ID in the request URL.
Risk Assessment
An attacker can delete time entries from any issue, leading to data loss and disruption of time tracking within the organization.
Recommendation
Immediately upgrade Gitea to version 1.25.5 or later, which includes a fix that scopes time entry lookups to the specific issue.
Original NVD description (English source)
Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue.

