CVE-2025-68937
Published: 26 December 2025
Summary
CVE-2025-68937 is a critical-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in Codeberg (inferred from references). Its CVSS base score is 9.5 (Critical).
Operationally, ranked at the 38.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-205401
Vulnerability details
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.