Denial of Service in Gogs: Self-hosted Git Service Vulnerability
CVE-2025-64719

4.9MEDIUM

Key Information:

Vendor: Gogs
Status: Gogs
Vendor: CVE Published:; 24 June 2026

What is CVE-2025-64719?

A vulnerability exists in Gogs, an open-source self-hosted Git service, where a malicious user with permissions to create files can exploit the system, leading to a denial of service. Specifically, when attempting to retrieve commit information from repositories or wiki pages, the system can return an HTTP error 500, causing the web interface to become unresponsive. This issue is located in the internal routes handling file for repositories and wikis, where failure in recovering commit details results in service interruptions. The vulnerability has been addressed in version 0.14.3.

Affected Version(s)

gogs < 0.14.3

References

https://github.com/gogs/gogs/security/advisories/GHSA-3qq...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Nov 10, 2025

CVE-2025-64719 Data

JSON