vulnerability
FreeBSD: VID-963f4e9d-e4d5-11f0-984f-b42e991fc52e (CVE-2025-68937): Forgejo -- Symbolic Link (Symlink) Following
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Dec 29, 2025 | Jan 27, 2026 | Jan 27, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Dec 29, 2025
Added
Jan 27, 2026
Modified
Jan 27, 2026
Description
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports: Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.
Solution
freebsd-upgrade-package-forgejo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.