CVE-2025-64719 - Vulnerability Details

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. The issue is present in file internal/route/repo/wiki.go and internal/route/repo/view.go where the pages try to recover commit information. If errors are returned while recovering commit information, the page will return a 500 error and stop rendering, resulting in a denial of service. This vulnerability is fixed in 0.14.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gogs	Gogs

No data.

References

Link	Providers
https://github.com/gogs/gogs/security/advisories/GHSA-3qq3-668m-v9mj

History

Thu, 25 Jun 2026 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gogs Gogs gogs
Vendors & Products		Gogs Gogs gogs

Wed, 24 Jun 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description		Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. The issue is present in file internal/route/repo/wiki.go and internal/route/repo/view.go where the pages try to recover commit information. If errors are returned while recovering commit information, the page will return a 500 error and stop rendering, resulting in a denial of service. This vulnerability is fixed in 0.14.3.
Title		Gogs: Denial of Service in repository/wiki file listing web pages
Weaknesses		CWE-20
References		https://github.com/gogs/gogs/security/advisories/GHSA-3qq3-668m-v9mj
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-06-24T20:03:07.239Z

Updated: 2026-06-24T20:03:07.239Z

Reserved: 2025-11-10T14:07:42.922Z

Link: CVE-2025-64719

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object