CVE-2025-68937
Description
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.
Is your site exposed to CVE-2025-68937?
Run a free security scan — no signup, results in seconds.
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-68937? +
How do I check if I'm vulnerable to CVE-2025-68937? +
Related Vulnerabilities
Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version …
Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user …
`zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction …
Gogs is an open source self-hosted Git service. Prior to 0.14.3, (*Repository).UploadRepoFiles checks for symlinks only on the leaf of …
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source …
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate …