CVE-2025-68937 – Forgejo Symlink Destination Template Repository Write Access Vulnerability

CVE ID : CVE-2025-68937

Published : Dec. 25, 2025, 11:57 p.m. | 24 minutes ago

Description : Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…