CVE-2025-68971

MEDIUM

Forgejo <= 13.0.3 - Denial of Service via Large File Attachment Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-68971. PoCs published by ChewKeanHo.

AI-analyzed exploit summary The repository contains only GitHub issue templates and CI/CD configuration files, with no actual exploit code or technical details related to CVE-2025-68971.

Description

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release).

Exploits (1)

nomisec STUB

by ChewKeanHo · poc

https://github.com/ChewKeanHo/research-cve-2025-68971

View Code ZIP pw:eip

The repository contains only GitHub issue templates and CI/CD configuration files, with no actual exploit code or technical details related to CVE-2025-68971.

Classification

Stub 90%

Attack Type

Other

Complexity

N/a

Reliability

N/a

Target: N/A

No auth needed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Mar 17, 2026 Full analysis →

References (4)

Core 4

Core References

https://codeberg.org/forgejo/forgejo

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291973

https://zenodo.org/records/18945481

https://zenodo.org/records/19058493

Scores

CVSS v3 6.5

EPSS 0.0047

EPSS Percentile 36.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Published Mar 16, 2026

Tracked Since Mar 17, 2026