CVE-2025-68937 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
mitre	CNA	9.5 CRITICAL				CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
forgejo	forgejo	12.0.0 ≤ 𝑥 < 13.0.2	CNA
forgejo	forgejo	𝑥 < 11.0.7	CNA

Common Weakness Enumeration

CWE-61 - UNIX Symbolic Link (Symlink) Following
The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

References

https://blog.gitea.com/release-of-1.24.7/

https://codeberg.org/forgejo/forgejo/milestone/27340

https://codeberg.org/forgejo/forgejo/milestone/29156

https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.7.md

https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md

https://codeberg.org/forgejo/security-announcements/issues/43