CVE-2025-8110
Gogs Path Traversal Vulnerability - [Actively Exploited]
Description
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
INFO
Published Date: Dec. 10, 2025, 2:16 p.m.
Last Modified: Jan. 20, 2026, 1:47 p.m.
Remotely Exploitable: Yes
Source: 9947ef80-c5d5-474a-bbab-97341a59000e
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8110
CVSS Scores
| Version | Severity | Vector | Source |
|---|---|---|---|
| CVSS 3.1 | HIGH | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | [email protected] |
| CVSS 4.0 | HIGH | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:X/U:X | 9947ef80-c5d5-474a-bbab-97341a59000e |
Solution
- Update Gogs to the latest version.
- Review and sanitize all symbolic link operations.
- Implement strict input validation for API calls.
Public PoC/Exploit Available at Github
CVE-2025-8110 has 9 public PoCs/exploits available on GitHub.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-8110.
| URL | Resource |
|---|---|
| http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit | Exploit Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2025/12/11/3 | Mailing List |
| http://www.openwall.com/lists/oss-security/2025/12/11/4 | Mailing List |
| http://www.openwall.com/lists/oss-security/2026/01/17/4 | Mailing List |
| http://www.openwall.com/lists/oss-security/2026/01/18/1 | Mailing List |
| http://www.openwall.com/lists/oss-security/2026/01/18/2 | Mailing List |
| https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6 | Patch |
| https://github.com/gogs/gogs/pull/8078 | Exploit Issue Tracking Patch Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110 | Third Party Advisory US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-8110 is associated with the following CWEs:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-8110 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by most recently updated).
- 🔍 Detect improper symbolic link handling in Gogs' PutContents API, exposing local code execution risks for versions 0.13.3 and earlier.
- Verify whether Gogs version 0.13.2 is affected by the **CVE-2025-8110 (symbolic link file overwrite)** vulnerability. (Python, Shell)
- CVE-2025-8110 PoC (Python)
- CVE-2025-8110 (Python)
- Detection template for CVE-2025-8110
- A CVE vulnerability alert knowledge base, with no exploits/PoCs; some entries include remediation guidance.
- A list of all of my starred repos, automated using GitHub Actions 🌟
- 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
Results are limited to the first 15 repositories due to potential performance issues.
The following list contains news articles that mention the CVE-2025-8110 vulnerability anywhere in the article.
- TheCyberThrone: "Microsoft Patch Tuesday – January 2026". January 14, 2026. Microsoft’s January 13, 2026, Patch Tuesday release addresses 114 vulnerabilities, including one actively exploited zero-day in Desktop Window Manager, eight critical flaws, and three ...
- security.nl: "US reports active exploitation of path traversal flaw in Git service Gogs". Attackers are actively exploiting a path traversal flaw in the Git service Gogs, the US cyber agency CISA reports. According to security firm Wiz, the vulnerability has been exploited since at least ...
- CybersecurityNews: "CISA Warns of Gogs Path Traversal Vulnerability Exploited in Attacks". A critical warning about a path traversal vulnerability in Gogs, a self-hosted Git service, that is being actively exploited in the wild. The vulnerability, tracked as CVE-2025-8110, was added to CISA ...
- The Hacker News: "CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution". Jan 13, 2026, Ravie Lakshmanan, Vulnerability / Network Security. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impac ...
- Daily CyberSecurity: "AI Identity Theft: Critical ServiceNow Flaw (CVE-2025-12420) Allows Unauthenticated Impersonation". A critical vulnerability has been uncovered in the ServiceNow AI Platform, potentially allowing unauthenticated attackers to masquerade as legitimate users. With a severity score of 9.3 out of 10, the ...
- Daily CyberSecurity: "CISA “Must-Patch” Alert: Critical Gogs Exploit CVE-2025-8110 Active in Wild". The Cybersecurity and Infrastructure Security Agency (CISA) has added a dangerous new entry to its “Must-Patch” list, warning that a popular tool used by developers worldwide is actively being exploit ...
- TheCyberThrone: "CISA Adds Gogs RCE Vulnerability CVE-2025-8110 to KEV". January 13, 2026. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-8110, a high-severity remote code execution flaw in Gogs (Go Git Service), to its Known Exploited Vu ...
- BleepingComputer: "CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks". The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day atta ...
- Daily CyberSecurity: "The Developer Win: GitHub Postpones Self-Hosted Runner Fee After Massive Community Outcry". Recently, the code hosting platform GitHub published a blog post announcing that, starting March 1, 2026, GitHub Actions would begin charging an additional platform fee. Under the proposed change, dev ...
- Daily CyberSecurity: "CVE-2025-37164 (CVSS 10.0): Unauthenticated HPE OneView RCE Grants Total Control Over Data Centers". Hewlett Packard Enterprise (HPE) has sounded the alarm on a catastrophic security vulnerability in its flagship infrastructure management software, OneView. The flaw, tracked as CVE-2025-37164, has be ...
- Daily CyberSecurity: "CISA Alert: Chinese Hackers Weaponize CVSS 10 Cisco Zero-Day & SonicWall Exploit Chains". The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive adding three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling that ha ...
- Daily CyberSecurity: "Cisco Zero-Day Siege: Chinese Group UAT-9686 Deploys ‘Aqua’ Malware via CVSS 10 Root Exploit". A critical zero-day vulnerability in Cisco’s secure email appliances is under active siege by a sophisticated Chinese hacking group, granting them total control over sensitive network gateways. The ca ...
- Daily CyberSecurity: "Academic Ambush: How the Forum Troll APT Hijacks Scholars’ Systems via Fake Plagiarism Reports". A relentless Advanced Persistent Threat (APT) group known as “Forum Troll” has shifted its crosshairs from corporate networks to the academic elite, launching a precision phishing campaign against Rus ...
- Daily CyberSecurity: "Locked Out of the Cloud: Hackers Use AWS Termination Protection to Hijack ECS for Unstoppable Crypto Mining". In a striking display of cloud-native tradecraft, cybercriminals have been caught turning legitimate AWS environments into illicit cryptocurrency mining farms, utilizing a “novel persistence technique ...
- Daily CyberSecurity: "Blurred Deception: Russian APT Targets Transnistria and NATO with High-Pressure Phishing Lures". A sophisticated Russian Advanced Persistent Threat (APT) group has launched a targeted credential harvesting campaign against the governing body of Transnistria (the Pridnestrovian Moldavian Republic) ...
- Daily CyberSecurity: "“Better Auth” Framework Alert: The Double-Slash Trick That Bypasses Security Controls". A high-severity vulnerability has been disclosed in Better Auth, a rapidly growing authentication framework for TypeScript, potentially allowing attackers to bypass critical access controls with a sim ...
- Daily CyberSecurity: "Ink Dragon’s Global Mesh: How Chinese Spies Turn Compromised Government Servers into C2 Relay Nodes". A sophisticated Chinese cyber-espionage group is rewriting the rules of persistence, turning compromised government servers into a living, breathing command network. A new report from Check Point Rese ...
- Daily CyberSecurity: "CVE-2025-46295 (CVSS 9.8): Critical Apache Commons Text Flaw Risks Total Server Takeover". A critical vulnerability has been fixed in Apache Commons Text, a ubiquitous Java library used for text manipulation, preventing what could have been a widespread remote code execution (RCE) crisis. T ...
- Daily CyberSecurity: "Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users". A high-severity vulnerability has been uncovered in systeminformation, a massively popular Node.js library used by millions of developers to retrieve system metrics. Tracked as CVE-2025-68154, the fla ...
- Daily CyberSecurity: "Self-Hosting No Longer Free: GitHub Introduces New $0.002/Min Platform Fee for Actions". Microsoft-owned code hosting platform GitHub has announced a new pricing change for its Actions service. Previously, GitHub Actions offered a free control plane: as long as workflows ran on servers no ...
The following table lists the changes that have been made to the CVE-2025-8110 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- Modified Analysis by [email protected], Jan. 20, 2026
  - Added Reference Type: CVE: http://www.openwall.com/lists/oss-security/2026/01/17/4 (Types: Mailing List)
  - Added Reference Type: CVE: http://www.openwall.com/lists/oss-security/2026/01/18/1 (Types: Mailing List)
  - Added Reference Type: CVE: http://www.openwall.com/lists/oss-security/2026/01/18/2 (Types: Mailing List)
- CVE Modified by af854a3a-2127-422b-91ae-364da2661108, Jan. 18, 2026
  - Added Reference: http://www.openwall.com/lists/oss-security/2026/01/18/1
  - Added Reference: http://www.openwall.com/lists/oss-security/2026/01/18/2
- CVE Modified by af854a3a-2127-422b-91ae-364da2661108, Jan. 17, 2026
  - Added Reference: http://www.openwall.com/lists/oss-security/2026/01/17/4
- Initial Analysis by [email protected], Jan. 13, 2026
  - Added CVSS V3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  - Added CPE Configuration: OR *cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* versions up to (including) 0.13.3
  - Added Reference Type: CISA-ADP: https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6 (Types: Patch)
  - Added Reference Type: CISA-ADP: https://github.com/gogs/gogs/pull/8078 (Types: Exploit, Issue Tracking, Patch, Vendor Advisory)
  - Added Reference Type: CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110 (Types: Third Party Advisory, US Government Resource)
  - Added Reference Type: CVE: http://www.openwall.com/lists/oss-security/2025/12/11/3 (Types: Mailing List)
  - Added Reference Type: Wiz: http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit (Types: Exploit, Third Party Advisory)
  - Added Reference Type: CVE: http://www.openwall.com/lists/oss-security/2025/12/11/4 (Types: Mailing List)
- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0, Jan. 12, 2026
  - Added Reference: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110
- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0, Jan. 12, 2026
  - Added Reference: https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6
- CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0, Jan. 12, 2026
  - Added Reference: https://github.com/gogs/gogs/pull/8078
- CVE Modified by af854a3a-2127-422b-91ae-364da2661108, Dec. 11, 2025
  - Added Reference: http://www.openwall.com/lists/oss-security/2025/12/11/4
- CVE Modified by af854a3a-2127-422b-91ae-364da2661108, Dec. 11, 2025
  - Added Reference: http://www.openwall.com/lists/oss-security/2025/12/11/3
- New CVE Received by 9947ef80-c5d5-474a-bbab-97341a59000e, Dec. 10, 2025
  - Added Description: Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
  - Added CVSS V4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:X/U:X
  - Added CWE: CWE-22
  - Added Reference: http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit