CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
We have discovered 473 live websites that are affected by CVE-2025-68940.
Common Weakness Enumeration
CWE-863 Incorrect AuthorizationDetails
- Published - Dec 26, 2025
- Updated - Dec 26, 2025
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-68940 United States | 98 websites |
 Germany | 146 websites |
 France | 82 websites |
 Russia | 33 websites |
 Singapore | 17 websites |
 Netherlands | 10 websites |
 Canada | 9 websites |
 Czech Republic | 7 websites |
 Switzerland | 7 websites |
Website Distribution by TLD
Number of websites using CVE-2025-68940| .com | 94 websites |
| .de | 71 websites |
| .net | 51 websites |
| .org | 43 websites |
| .fr | 23 websites |
| .ru | 16 websites |
| .eu | 8 websites |
| .io | 8 websites |
| .info | 7 websites |
| .it | 7 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-68940
Top websites that are affected by CVE-2025-68940. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.******.com | Switzerland | ***,*** | |
| ***.*******.net | United States | ***,*** | |
| ******.fr | France | ***,*** | |
| ****.********.ch | Switzerland | *,***,*** | |
| ***.*******.ca | Canada | *,***,*** | |
| ***.************.com | France | *,***,*** | |
| *****************.xn--p1ai | Russia | *,***,*** | |
| ****.*****.de | Germany | *,***,*** | |
| ******.*************.de | Germany | *,***,*** | |
| ***.*******.com | Germany | *,***,*** |
FAQ
CVE-2025-68940 is Incorrect Authorization in Gitea
A total of 473 websites have been identified as vulnerable to CVE-2025-68940, based on global website indexing conducted by WebTechSurvey.
The Gitea is affected by the CVE-2025-68940 vulnerability.
Gitea versions up to 1.22.5 are vulnerable to CVE-2025-68940.
CVE-2025-68940 is resolved in version 1.22.5 of Gitea.