CVE-2025-68937

CRITICAL

Forgejo 11.0.0-11.0.6 and 12.0.0-13.0.1 - Arbitrary File Write via Template Repository Symlink Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-68937. PoCs published by ClemaX.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-68937, an arbitrary template expansion vulnerability in Gitea and Forgejo. It explains the root cause (symbolic link dereference during template processing) and includes step-by-step reproduction instructions.

Description

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.

Exploits (1)

nomisec WRITEUP
by ClemaX · poc
https://github.com/ClemaX/Gitea-Forgejo-CVE-2025-68937

This repository provides a detailed technical analysis of CVE-2025-68937, an arbitrary template expansion vulnerability in Gitea and Forgejo. It explains the root cause (symbolic link dereference during template processing) and includes step-by-step reproduction instructions.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Gitea (v1.11.0-rc1 to v1.24.6), Forgejo (v11.0.6, v12.0.0 to v13.0.1)
Auth required
Prerequisites: Authenticated user access · Knowledge of the git user's home directory path · Ability to create repositories
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v4 9.5
EPSS 0.0049
EPSS Percentile 38.0%
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-61
Status published
Products (2)
Forgejo/Forgejo < 11.0.7
Forgejo/Forgejo 12.0.0 - 13.0.2
Published Dec 26, 2025
Tracked Since Feb 18, 2026