CNNVD-202512-4752 Information

CNNVD ID

CNNVD-202512-4752

CVE-2025-68937

  • CNNVD Published: 2025-12-25

Description (Chinese)

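Forgejo is a lightweight git service. Versions of Forgejo before 13.0.2 contain a security vulnerability that stems from improper handling of template repository symbolic link targets, which may lead to writing to unexpected files and obtaining shell access to the server.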

Description (English)

Forgejo is a lightweight git service. Forgejo versions before 13.0.2 have a security vulnerability caused by mishandling of symlink targets in template repositories, which could lead to writes to unexpected files and to shell access on the server.

Hazard Level

Medium

Vulnerability Type

Other

Published

2025-12-25

Last Modified

2026-02-24

References

  • https://codeberg.org/forgejo/forgejo/milestone/27340
  • https://codeberg.org/forgejo/forgejo/milestone/29156
  • https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.7.md
  • https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md
  • https://codeberg.org/forgejo/security-announcements/issues/43
  • https://access.redhat.com/security/cve/cve-2025-68937

Patch

https://forgejo.org/releases/
