CVE-2025-69413

Name
CVE-2025-69413
Description
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://blog.gitea.com/release-of-1.25.2/
cve@mitre.org https://github.com/go-gitea/gitea/issues/35984
cve@mitre.org https://github.com/go-gitea/gitea/pull/36002
cve@mitre.org https://github.com/go-gitea/gitea/releases/tag/v1.25.2

Match rules

CPE URI Source package Min version Max version
gitea >= 0 < 1.25.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
gitea edge-community 1.24.6-r2 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.24.6-r1 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.24.6-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.24.5-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.24.1-r3 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.24.1-r2 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.24.1-r1 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.24.1-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.24.0-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.23.8-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.23.7-r1 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.23.7-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.23.6-r1 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.23.6-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.23.5-r1 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.23.5-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea edge-community 1.23.1-r2 6543 <6543@obermui.de> possibly vulnerable
gitea edge-community 1.23.1-r1 6543 <6543@obermui.de> possibly vulnerable
gitea edge-community 1.23.1-r0 6543 <6543@obermui.de> possibly vulnerable
gitea edge-community 1.22.6-r0 6543 <6543@obermui.de> possibly vulnerable
gitea edge-community 1.22.5-r0 6543 <6543@obermui.de> possibly vulnerable
gitea edge-community 1.22.4-r0 6543 <6543@obermui.de> possibly vulnerable
gitea edge-community 1.21.3-r0 6543 <6543@obermui.de> possibly vulnerable
gitea edge-community 1.17.3-r0 6543 <6543@obermui.de> possibly vulnerable
gitea edge-community 1.16.7-r0 6543 <6543@obermui.de> possibly vulnerable
gitea edge-community 1.16.3-r0 None possibly vulnerable
gitea edge-community 1.14.6-r0 6543 <6543@obermui.de> possibly vulnerable
gitea edge-community 1.13.7-r0 None possibly vulnerable
gitea edge-community 1.13.7 None possibly vulnerable
gitea edge-community 1.13.6-r0 None possibly vulnerable
gitea edge-community 1.13.6 None possibly vulnerable
gitea edge-community 1.13.4-r0 None possibly vulnerable
gitea edge-community 1.13.2-r0 None possibly vulnerable
gitea edge-community 1.11.2-r0 None possibly vulnerable
gitea edge-community 1.5.2-r0 None possibly vulnerable
gitea edge-community 1.5.1-r0 None possibly vulnerable
gitea 3.23-community 1.24.6-r3 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
gitea 3.23-community 1.24.6-r2 techknowlogick <techknowlogick@gitea.com> possibly vulnerable