Input validation error in gogs - CVE-2025-64719

 


Published: June 19, 2026


Vulnerability identifier: #VU134913
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-64719
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: gogs.io
Affected software:
gogs

Detailed vulnerability description

The vulnerability allows a remote user to cause a denial of service.

The vulnerability exists due to improper input validation in repository and wiki file listing pages when recovering commit information for crafted file or page names containing incomplete git pathspec sequences. A remote privileged user can create a specially crafted file or wiki page name to cause a denial of service.

The issue affects the web interface for repository or wiki listings and persists as long as the crafted file remains present.
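An added audit example, not code from Gogs or from its fix: it classifies the names in a repository or wiki listing by how git would read them if they were passed as a bare pathspec. It assumes the pathspec syntax from gitglossary(7), where a leading ':' starts a magic signature and the long form ":(...)" must be closed. The function names and the sample listing are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// PathspecRisk describes how git reads a name passed as a bare pathspec.
type PathspecRisk int

const (
	Literal         PathspecRisk = iota // no leading ':'; an ordinary path
	Magic                               // leading ':'; parsed as pathspec magic
	IncompleteMagic                     // long form ":(" with no closing ')'
)

// ClassifyName applies the gitglossary(7) rule: only a ':' at the very start
// of the pathspec is special, and the long form must be closed by ')'.
func ClassifyName(name string) PathspecRisk {
	if !strings.HasPrefix(name, ":") {
		return Literal
	}
	if strings.HasPrefix(name, ":(") && !strings.Contains(name[2:], ")") {
		return IncompleteMagic
	}
	return Magic
}

// Audit returns the names from a listing that need literal-pathspec handling.
// Pass each path exactly as it would be handed to git.
func Audit(names []string) map[string]PathspecRisk {
	flagged := make(map[string]PathspecRisk)
	for _, n := range names {
		if r := ClassifyName(n); r != Literal {
			flagged[n] = r
		}
	}
	return flagged
}

func main() {
	// Constructed sample listing, not taken from any real repository.
	names := []string{"README.md", "docs/:(notes.txt", ":(unclosed", ":(top)Home.md", ":!draft"}
	for n, r := range Audit(names) {
		fmt.Printf("%q -> %d\n", n, r)
	}
}
```

Git's own `--literal-pathspecs` option (or `GIT_LITERAL_PATHSPECS=1` in the environment) makes it treat such arguments as plain paths instead of parsing the leading ':'.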


How to mitigate CVE-2025-64719

Install the security update from the vendor's website.
