CVE-2025-68937 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
mitre	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-61 - UNIX Symbolic Link (Symlink) Following
The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

References

https://blog.gitea.com/release-of-1.24.7/

https://codeberg.org/forgejo/forgejo/milestone/27340

https://codeberg.org/forgejo/forgejo/milestone/29156

https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.7.md

https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md

https://codeberg.org/forgejo/security-announcements/issues/43