CVE-2025-68937

Name of the Vulnerable Software and Affected Versions Forgejo versions prior to 13.0.2 Forgejo version 11.0.7 and later

Description The software contains a flaw related to the handling of symlinks within template repositories. This mishandling could allow attackers to write to unintended files, potentially gaining server shell access. The issue stems from out-of-repository symlink destinations. The vulnerability enables unauthorized file write through symlink traversal in template repositories, potentially leading to remote code execution.

Recommendations Forgejo versions prior to 13.0.2 should be updated to version 13.0.2 or later. Forgejo version 11 LTS should be updated to version 11.0.7 or later.