FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Forgejo -- Symbolic Link (Symlink) Following

Affected packages
forgejo < 13.0.2

Details

VuXML ID 963f4e9d-e4d5-11f0-984f-b42e991fc52e
Discovery 2025-12-25
Entry 2025-12-29

https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports:

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.

[source]

References

CVE Name CVE-2025-68937
URL https://cveawg.mitre.org/api/cve/CVE-2025-68937

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.