Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.
Problem type
CWE-61 UNIX Symbolic Link (Symlink) Following
Affected products
Forgejo
>= 12.0.0, < 13.0.2 - AFFECTED
< 11.0.7 - AFFECTED
References
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.7.md
https://codeberg.org/forgejo/forgejo/milestone/29156
https://codeberg.org/forgejo/forgejo/milestone/27340
https://codeberg.org/forgejo/security-announcements/issues/43
https://blog.gitea.com/release-of-1.24.7/
GitHub Security Advisories
GHSA-7mhf-6fhv-c83c
https://github.com/advisories/GHSA-7mhf-6fhv-c83c
https://nvd.nist.gov/vuln/detail/CVE-2025-68937
https://github.com/advisories/GHSA-7mhf-6fhv-c83c
JSON source
https://cveawg.mitre.org/api/cve/CVE-2025-68937
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-68937",
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "dateUpdated": "2025-12-26T14:51:12.778Z",
    "dateReserved": "2025-12-25T23:57:30.203Z",
    "datePublished": "2025-12-25T23:57:30.456Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre",
        "dateUpdated": "2025-12-26T01:00:13.916Z"
      },
      "descriptions": [
        {
          "lang": "en",
          "value": "Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later."
        }
      ],
      "affected": [
        {
          "vendor": "Forgejo",
          "product": "Forgejo",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "12.0.0",
              "status": "affected",
              "versionType": "semver",
              "lessThan": "13.0.2"
            },
            {
              "version": "0",
              "status": "affected",
              "versionType": "semver",
              "lessThan": "11.0.7"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "cweId": "CWE-61",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md"
        },
        {
          "url": "https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.7.md"
        },
        {
          "url": "https://codeberg.org/forgejo/forgejo/milestone/29156"
        },
        {
          "url": "https://codeberg.org/forgejo/forgejo/milestone/27340"
        },
        {
          "url": "https://codeberg.org/forgejo/security-announcements/issues/43"
        },
        {
          "url": "https://blog.gitea.com/release-of-1.24.7/"
        }
      ],
      "metrics": [
        {}
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2025-12-26T14:51:12.778Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}