Home / Vulnerability Intelligence / CVE-2025-68971

CVE-2025-68971 - Vulnerability Analysis

MediumCVSS: 6.5

Last Updated: March 17, 2026

Forgejo - Denial of Service

Published: March 16, 2026Updated: March 17, 2026PoC AvailableRemote Exploitable

Overview

Forgejo <= 13.0.3 contains a denial of service caused by uploading multi-gigabyte file attachments in the attachment component, letting attackers cause service disruption, exploit requires ability to upload large files.

Severity & Score

Severity: Medium

CVSS Score: 6.5

Impact

Attackers can cause service disruption by uploading very large files, leading to denial of service.

Mitigation

Update to the latest version beyond 13.0.3.

References

https://codeberg.org/forgejo/forgejo
https://zenodo.org/records/18945481
https://zenodo.org/records/19058493
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291973

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2025-68971
Severity: Medium
CVSS Score: 6.5
Type: denial_of_service
Status: unconfirmed

CWE

CWE-400

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H