CVE-2026-25712 PUBLISHED

Gitea organization permission APIs expose private visibility information

Assigner: Gitea
Reserved: 03.03.2026 Published: 03.07.2026 Updated: 03.07.2026

Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations.

Product Status

Vendor: Gitea
Product: Gitea Open Source Git Server
Versions (default status: unaffected):
  • affected from 0 to 1.25.5 (excl.)

Credits

  • Maximilian Luff, Daniel Zahl, Marcus Gelderie (reporter)

Problem Types

  • CWE-284 (CWE)