CVE-2025-69413

Summary

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.

Affected Software

VendorProductVersion RangeStatus
GiteaGitea0 < 1.25.2affected

Weaknesses

  • CWE-204: CWE-204 Observable Response Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References