CVE-2026-25718
Gitea · Open Source Git Server
Gitea versions before 1.25.5 improperly handle path resolution during template repository generation, allowing reads or writes through symlinks or non-regular paths.
Executive summary
A critical path traversal vulnerability in Gitea prior to 1.25.5 permits unauthorized file system access during template processing, creating a high risk of system compromise.
Vulnerability
This is an improper link resolution vulnerability (CWE-59) occurring during template repository generation. An unauthenticated attacker can manipulate paths to read from or write to arbitrary locations on the server file system by exploiting the failure to properly validate symlinks.
Business impact
The CVSS score of 9.1 highlights the critical nature of this vulnerability. If exploited, an attacker could potentially read sensitive configuration files, steal credentials, or overwrite critical system files to achieve remote code execution, leading to a complete compromise of the Gitea server.
Remediation
Immediate Action: Upgrade to Gitea version v1.25.5 or later immediately to patch the insecure path resolution logic.
Proactive Monitoring: Review system logs for signs of unauthorized file access or unexpected file system operations. Monitor for any attempts to create or interact with symbolic links in repository directories.
Compensating Controls: Ensure the Gitea service runs with the least privilege possible to limit the scope of damage an attacker can inflict if they successfully exploit a file-system-level vulnerability.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Due to the critical severity and the potential for remote file system manipulation, this vulnerability should be treated as a high-priority incident. Patching to v1.25.5 is the only effective way to remediate the underlying path resolution flaw.