Impact
Gitea versions older than 1.25.5 improperly resolve paths when generating a template repository, allowing a path traversal through symlinks or other non‑regular paths (CWE‑59). This flaw enables an attacker with sufficient access to read arbitrary files on the host or to overwrite files, potentially compromising configuration files, sensitive data, and providing a foothold for further compromise.
Affected Systems
The vulnerability affects all installations of the Gitea Open Source Git Server running any version prior to v1.25.5. Any instance that permits users to generate template repositories—whether in development or production—remains susceptible, regardless of the deployment environment.
Risk and Exploitability
The EPSS score of less than 1% indicates a very low exploitation probability, and the issue is not listed in the CISA KEV catalog, suggesting no confirmed widespread exploitation yet. The likely attack vector is an attacker who can initiate template repository creation within an authenticated Gitea session, as the flaw is exposed through the template generation process; this inference is based on the description that the vulnerability is triggered by template processing. Once triggered, the attacker can read or overwrite files, posing a significant confidentiality and integrity risk to the host filesystem. The attack surface is therefore limited to deployments where template generation is enabled and the user possesses sufficient permissions within Gitea to start that process.
OpenCVE Enrichment