{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2025-68937", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2025-12-25T23:57:30.203Z", "datePublished": "2025-12-25T23:57:30.456Z", "dateUpdated": "2025-12-26T14:51:12.778Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Forgejo", "vendor": "Forgejo", "versions": [{"lessThan": "13.0.2", "status": "affected", "version": "12.0.0", "versionType": "semver"}, {"lessThan": "11.0.7", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-61", "description": "CWE-61 UNIX Symbolic Link (Symlink) Following", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-12-26T01:00:13.916Z"}, "references": [{"url": "https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md"}, {"url": "https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.7.md"}, {"url": "https://codeberg.org/forgejo/forgejo/milestone/29156"}, {"url": "https://codeberg.org/forgejo/forgejo/milestone/27340"}, {"url": "https://codeberg.org/forgejo/security-announcements/issues/43"}, {"url": "https://blog.gitea.com/release-of-1.24.7/"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.5, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:forgejo:forgejo:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.0.0", "versionEndExcluding": "13.0.2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:forgejo:forgejo:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.0.7"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-26T14:40:08.642834Z", "id": "CVE-2025-68937", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-26T14:51:12.778Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-68937", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-26T14:40:08.642834Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-26T14:40:09.634Z"}}], "cna": {"metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.5, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"}}], "affected": [{"vendor": "Forgejo", "product": "Forgejo", "versions": [{"status": "affected", "version": "12.0.0", "lessThan": "13.0.2", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "11.0.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md"}, {"url": "https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.7.md"}, {"url": "https://codeberg.org/forgejo/forgejo/milestone/29156"}, {"url": "https://codeberg.org/forgejo/forgejo/milestone/27340"}, {"url": "https://codeberg.org/forgejo/security-announcements/issues/43"}, {"url": "https://blog.gitea.com/release-of-1.24.7/"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-61", "description": "CWE-61 UNIX Symbolic Link (Symlink) Following"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:forgejo:forgejo:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "13.0.2", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:forgejo:forgejo:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "11.0.7"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-12-26T01:00:13.916Z"}}}, "cveMetadata": {"cveId": "CVE-2025-68937", "state": "PUBLISHED", "dateUpdated": "2025-12-26T14:51:12.778Z", "dateReserved": "2025-12-25T23:57:30.203Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-12-25T23:57:30.456Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later."}], "id": "CVE-2025-68937", "lastModified": "2025-12-26T01:15:58.833", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.5, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-12-26T00:16:01.173", "references": [{"source": "[email protected]", "url": "https://blog.gitea.com/release-of-1.24.7/"}, {"source": "[email protected]", "url": "https://codeberg.org/forgejo/forgejo/milestone/27340"}, {"source": "[email protected]", "url": "https://codeberg.org/forgejo/forgejo/milestone/29156"}, {"source": "[email protected]", "url": "https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.7.md"}, {"source": "[email protected]", "url": "https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md"}, {"source": "[email protected]", "url": "https://codeberg.org/forgejo/security-announcements/issues/43"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-61"}], "source": "[email protected]", "type": "Secondary"}]}

{"bugzilla": {"description": "forgejo: Forgejo: Server shell access via symlink mishandling in template repositories", "id": "2425446", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425446"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-59", "details": ["A flaw was found in Forgejo. This vulnerability allows a remote attacker to write to unintended files and potentially gain server shell access. The flaw occurs due to mishandling of symlink destinations that point outside of the repository when processing template repositories. This could lead to unauthorized control over the server."], "name": "CVE-2025-68937", "public_date": "2025-12-25T23:57:30Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-68937\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-68937\nhttps://codeberg.org/forgejo/forgejo/milestone/27340\nhttps://codeberg.org/forgejo/forgejo/milestone/29156\nhttps://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.7.md\nhttps://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md\nhttps://codeberg.org/forgejo/security-announcements/issues/43"], "statement": "This vulnerability is rated MODERATE because although it allows a remote attacker with low privileges to achieve server shell access in Forgejo due to improper handling of symlinks in template repositories, Red Hat's software safety guardrails in EPEL and Fedora limits the exploitability of this vulnerability on our systems. It affects Forgejo as distributed in Red Hat Community Projects, including Fedora and EPEL.", "threat_severity": "Moderate"}