Description
Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirect_to values.
Published: 2026-07-03
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent‑encoded backslashes in redirect_to values, enabling attackers to craft URLs that redirect users to arbitrary destinations. This can be used for phishing or malicious site navigation and is classified as CWE-601.

Affected Systems

The vulnerability affects all installations of the Gitea Open Source Git Server running version 1.25.4 or earlier. Versions 1.25.5 and later contain the fix.

Risk and Exploitability

An attacker can exploit the vulnerability with a single HTTP request to the affected endpoint, and the exploit is straightforward to detect. The EPSS score indicates a low probability of exploitation, and the KEV status shows that no known active exploitation exists. The open‑redirect nature presents a moderate risk by enabling phishing or malicious navigation attacks, potentially undermining user trust and confidentiality.

Generated by OpenCVE AI on July 6, 2026 at 09:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Gitea to version 1.25.5 or later to eliminate the vulnerability.
  • If an immediate upgrade is not possible, configure the server to accept redirect_to values only from a whitelist of trusted domains or disable external redirects entirely.
  • Validate and sanitize the redirect_to parameter on all endpoints to reject raw or percent‑encoded backslash sequences that could lead to unintended redirects.

Generated by OpenCVE AI on July 6, 2026 at 09:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-j5r2-4c8j-xc3m Gitea: Open Redirect via redirect_to
History

Fri, 03 Jul 2026 20:45:00 +0000

Type Values Removed Values Added
Description Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirect_to values.
Title Gitea redirect handling permits open redirects through backslash paths
Weaknesses CWE-601
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Gitea

Published:

Updated: 2026-07-03T20:19:33.452Z

Reserved: 2026-02-22T15:13:33.665Z

Link: CVE-2026-25779

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-06T04:15:09Z

Weaknesses
  • CWE-601

    URL Redirection to Untrusted Site ('Open Redirect')