CVE Catalog

CVE-2026-25782

Low risk · EPSS 5%
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

Gitea before version 1.25.5 looks up tracked-time entries by time ID without scoping the lookup to the issue ID in the request URL, so a deletion request can target entries that belong to another issue.

Risk Assessment

An attacker can delete time entries from any issue, leading to data loss and disruption of time tracking within the organization.

Recommendation

Immediately upgrade Gitea to version 1.25.5 or later, which includes a fix that scopes time entry lookups to the specific issue.

Original NVD description (English source)

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS