CVE-2025-68971 | THREATINT

Description

In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release).

PUBLISHED Reserved 2025-12-27 | Published 2026-03-16 | Updated 2026-03-17 | Assigner mitre

References

codeberg.org/forgejo/forgejo

bugs.freebsd.org/bugzilla/show_bug.cgi?id=291973

zenodo.org/records/18945481

zenodo.org/records/19058493

cve.org (CVE-2025-68971)

nvd.nist.gov (CVE-2025-68971)

Download JSON