CVE-2025-68937
Unknown Unknown - Not Provided
Symlink Handling Flaw in Forgejo Enables Remote Code Execution

Publication date: 2025-12-26

Last updated on: 2025-12-26

Assigner: MITRE

Description
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-26
Last Modified
2025-12-26
Generated
2026-06-16
AI Q&A
2025-12-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68937
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
forgejo forgejo 13.0.2
forgejo forgejo 11.0.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-61 The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68937 is a critical security vulnerability in Forgejo versions before 13.0.2 (and 11 LTS before 11.0.7) where attackers can exploit mishandling of symbolic links (symlinks) in repository templates. Specifically, when creating a repository from a template, Forgejo would follow symlinks pointing outside the repository and write files to unintended locations on the server. This can lead to corruption of server files and, under certain conditions, allow attackers to gain remote shell access to the server. The vulnerability arises from insufficient sandboxing of file access during template processing, allowing path traversal and symlink exploitation. [2, 4, 5]

Impact Analysis

This vulnerability can impact you by allowing attackers to write to arbitrary files on the Forgejo server or container where the server process has write access. This can cause file corruption and, in specific configurations (such as SSH Git access with Forgejo managing authorized_keys and internal SSH server disabled), it can lead to remote shell access, effectively giving attackers control over the server. This compromises the integrity and security of your Forgejo server environment. [2, 4, 5]

Mitigation Strategies

To mitigate CVE-2025-68937, immediately upgrade Forgejo to version 13.0.2 or later, or if using the LTS version, upgrade to 11.0.7 or later. These versions include fixes that sandbox file access during repository template expansion to prevent out-of-repository symlink traversal and path traversal attacks. Additionally, ensure that your Forgejo configuration does not allow unauthorized SSH Git access that could be exploited, and verify that Forgejo manages authorized_keys files securely. Applying these updates will prevent attackers from writing to unintended files or gaining remote shell access via symlink exploitation. [2, 4, 5]

Compliance Impact

The vulnerability includes a privacy issue where the commit API exposed the author's primary email address in commit data, which could violate privacy expectations under regulations like GDPR. The fix replaces the private email with the signature's identity, aligning with privacy best practices. However, the critical vulnerability allowing unauthorized file writes and potential remote shell access could lead to unauthorized data access or modification, which may impact compliance with data protection regulations by risking confidentiality and integrity of data. Overall, the fixes improve privacy and security, helping maintain compliance with standards that require protection of personal data and secure system access. [2, 4, 5]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68937. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart