CVE Catalog

CVE-2026-25779

Low risk · EPSS score 0.17% (6th percentile)
Source: NVD (NIST), translated

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

Gitea up to and including version 1.25.4 validates the redirect_to parameter (used to send a user back to a page, for example after login) in a way that can be bypassed. A target containing a raw backslash (such as /\host) or a percent-encoded one (such as /%5Chost) passes the same-site check as a relative path, but browsers parse a backslash as a forward slash in http(s) URLs, so the response effectively redirects the user to //host, that is, off-site. This is an open redirect.

Risk Assessment

An attacker needs a victim to follow a crafted link to the legitimate Gitea host; because the redirect is then issued by Gitea itself (for example right after a successful login), the destination looks trustworthy, which makes credential phishing or token theft more convincing. The flaw on its own does not grant access to the Gitea instance, which is consistent with the low EPSS score.

Recommendation

Immediately upgrade Gitea to version 1.25.5 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirect_to values.
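To make the mechanism behind the summary and the NVD description concrete, the following Go program is an added example written for this page; it is not Gitea's code and does not reproduce Gitea's actual handler or its fix. It shows a constructed naive same-site check of the kind this bug class defeats, a simplified model of how a browser normalises backslashes, and a hardened check that rejects raw, single- and double-percent-encoded backslashes. Which decoding steps happen inside Gitea before the check is not stated on the page, so the hardened version inspects both the raw and the decoded form.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// naiveIsLocalRedirect is a constructed example of the weak check that this
// class of bug relies on: accept any target beginning with a single "/" that
// is not protocol-relative ("//"). It is not Gitea's code.
func naiveIsLocalRedirect(target string) bool {
	return strings.HasPrefix(target, "/") && !strings.HasPrefix(target, "//")
}

// browserNormalize is a simplified model of how browsers treat backslashes in
// http(s) URLs (WHATWG URL standard): "\" is parsed like "/". A server-side
// check that sees the path "/\evil.example" is, to the browser,
// "//evil.example", a protocol-relative URL pointing off-site.
func browserNormalize(target string) string {
	return strings.ReplaceAll(target, `\`, "/")
}

// decodeFully percent-decodes repeatedly (bounded) so that single- and
// double-encoded backslashes (%5C, %255C) are both visible to the check.
func decodeFully(s string) (string, bool) {
	for i := 0; i < 3; i++ {
		d, err := url.PathUnescape(s)
		if err != nil {
			return "", false // malformed escape: refuse rather than guess
		}
		if d == s {
			return s, true
		}
		s = d
	}
	return s, true
}

// safeIsLocalRedirect accepts only targets that stay on the current host:
// they must start with exactly one "/", contain no backslash in raw or
// decoded form, and parse with no scheme, host or opaque part.
func safeIsLocalRedirect(target string) bool {
	decoded, ok := decodeFully(target)
	if !ok {
		return false
	}
	for _, s := range []string{target, decoded} {
		if !strings.HasPrefix(s, "/") || strings.HasPrefix(s, "//") {
			return false
		}
		if strings.ContainsRune(s, '\\') {
			return false
		}
		// net/url does not treat "\" as a separator, so this parse alone
		// would accept "/\evil.example"; it is kept as a second layer for
		// schemes, hosts and opaque URLs.
		u, err := url.Parse(s)
		if err != nil || u.Scheme != "" || u.Host != "" || u.Opaque != "" {
			return false
		}
	}
	return true
}

func main() {
	// Constructed redirect_to values: a legitimate one and the bypass shapes
	// the advisory describes (raw and percent-encoded backslash).
	for _, t := range []string{
		"/user/settings",
		`/\evil.example`,
		"/%5Cevil.example",
		"//evil.example",
	} {
		fmt.Printf("%-22q naive=%-5v safe=%-5v browser sees %q\n",
			t, naiveIsLocalRedirect(t), safeIsLocalRedirect(t), browserNormalize(t))
	}
}
```

The point worth keeping from the example is that a parse-based check is not enough on its own: Go's net/url leaves the backslash in the path with an empty Host, so the rejection has to be explicit and has to run on the decoded value as well as the raw one.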

Vulnerability data from NVD (NIST) · CISA KEV · EPSS