CVE-2025-68971

MEDIUM

Forgejo through 13.0.3 - DoS

Title source: llm

Description

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release).

Exploits (1)

nomisec STUB

by ChewKeanHo · poc

https://github.com/ChewKeanHo/research-cve-2025-68971

View Code ZIP pw:eip

References (4)

https://codeberg.org/forgejo/forgejo

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291973

https://zenodo.org/records/18945481

https://zenodo.org/records/19058493

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 4.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400

Status published

Published Mar 16, 2026

Tracked Since Mar 17, 2026