Vulnerability Report: GO-2025-4266
- CVE-2025-68943, GHSA-jhx5-4vr4-f327
- Affects: code.gitea.io/gitea
- Published: Dec 30, 2025
Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-jhx5-4vr4-f327 or https://nvd.nist.gov/vuln/detail/CVE-2025-68943.
Affected Packages
-
PathVersionsSymbols
Aliases
References
- https://github.com/advisories/GHSA-jhx5-4vr4-f327
- https://nvd.nist.gov/vuln/detail/CVE-2025-68943
- https://blog.gitea.com/release-of-1.21.8-and-1.21.9-and-1.21.10
- https://github.com/go-gitea/gitea/pull/29430
- https://github.com/go-gitea/gitea/releases/tag/v1.21.8
- https://vuln.go.dev/ID/GO-2025-4266.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.