Impact
Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent‑encoded backslashes in redirect_to values, enabling attackers to craft URLs that redirect users to arbitrary destinations. This can be used for phishing or malicious site navigation and is classified as CWE-601.
Affected Systems
The vulnerability affects all installations of the Gitea Open Source Git Server running version 1.25.4 or earlier. Versions 1.25.5 and later contain the fix.
Risk and Exploitability
An attacker can exploit the vulnerability with a single HTTP request to the affected endpoint, and the exploit is straightforward to detect. The EPSS score indicates a low probability of exploitation, and the KEV status shows that no known active exploitation exists. The open‑redirect nature presents a moderate risk by enabling phishing or malicious navigation attacks, potentially undermining user trust and confidentiality.
OpenCVE Enrichment
Github GHSA