1. Home
  2. Vulnerabilities
  3. CVE-2025-8110
8.7
HIGH CVSS 4.0
CVE-2025-8110
File overwrite in file update API in Gogs
Description

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

INFO

Published Date :

Dec. 10, 2025, 2:16 p.m.

Last Modified :

Dec. 11, 2025, 7:16 p.m.

Remotely Exploit :

Yes !

Source :

9947ef80-c5d5-474a-bbab-97341a59000e
Affected Products

The following products are affected by CVE-2025-8110 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Gogs gogs
: Total Affected Vendor : 1 | Products : 1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 4.0 HIGH 9947ef80-c5d5-474a-bbab-97341a59000e
CVSS 4.0 HIGH 9947ef80-c5d5-474a-bbab-97341a59000e
Solution
Address improper symbolic link handling in the PutContents API to prevent local code execution.
  • Update Gogs to the latest version.
  • Review and sanitize all symbolic link operations.
  • Implement strict input validation for API calls.
Public PoC/Exploit Available at Github

CVE-2025-8110 has a 2 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-8110.

URL Resource
http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
http://www.openwall.com/lists/oss-security/2025/12/11/3
http://www.openwall.com/lists/oss-security/2025/12/11/4
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-8110 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-8110 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
Ashwesker/Blackash-CVE-2025-8110

CVE-2025-8110

Python

Updated: 12 hours, 32 minutes ago
0 stars 0 fork 0 watcher
Born at : Dec. 11, 2025, 7:10 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
rxerium/CVE-2025-8110

Detection template for CVE-2025-8110

Updated: 8 hours, 47 minutes ago
6 stars 0 fork 0 watcher
Born at : Dec. 11, 2025, 10:37 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-8110 vulnerability anywhere in the article.

  • Daily CyberSecurity
The IP Wall Falls: Disney Invests $1B in OpenAI to License 200+ Characters for AI

Long regarded as the “most formidable legal department in the Western Hemisphere,” Disney has historically guarded its intellectual property with near-impenetrable vigilance. Yet in the age of artific ... Read more

Published Date: Dec 12, 2025 (3 hours, 42 minutes ago)
  • Daily CyberSecurity
Farewell, Tabs: Google’s Experimental Disco Browser Generates Web Apps with AI

The race among artificial intelligence models has entered a fevered, white-hot phase—and AI-driven browsers have now gained a new contender. Google Labs has unveiled an experimental project called Dis ... Read more

Published Date: Dec 12, 2025 (4 hours, 8 minutes ago)
  • Daily CyberSecurity
React Patches Two New Flaws Risking Server-Crashing DoS and Source Code Disclosure

The security saga surrounding React Server Components continues this week. Just days after the React team patched a critical remote code execution (RCE) flaw, security researchers digging into those v ... Read more

Published Date: Dec 12, 2025 (4 hours, 20 minutes ago)
  • Daily CyberSecurity
New 01flip Ransomware Hits APAC Critical Infra: Cross-Platform Rust Weapon Uses Sliver C2

A ransom note | Image: Unit 42 A new and sophisticated ransomware player has entered the cybercrime arena, targeting critical infrastructure in the Asia-Pacific region with a custom-built, cross-platf ... Read more

Published Date: Dec 12, 2025 (4 hours, 48 minutes ago)
  • Daily CyberSecurity
CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the widely used OSGeo GeoServer software to its Known Exploited Vulnerabilities (KEV) Catalog. ... Read more

Published Date: Dec 12, 2025 (4 hours, 58 minutes ago)
  • CybersecurityNews
Gogs 0-Day Vulnerability Exploited in the Wild to Hack 700+ Instances

A critical zero-day vulnerability in Gogs, a widely used self-hosted Git service, is currently being exploited in the wild. Designated as CVE-2025-8110, this flaw allows authenticated users to execute ... Read more

Published Date: Dec 11, 2025 (16 hours, 51 minutes ago)
  • BleepingComputer
Hackers exploit unpatched Gogs zero-day to breach 700 servers

An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers. Wri ... Read more

Published Date: Dec 11, 2025 (18 hours, 39 minutes ago)
  • The Hacker News
Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

Dec 11, 2025Ravie LakshmananVulnerability / Cloud Security A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances acces ... Read more

Published Date: Dec 11, 2025 (21 hours, 29 minutes ago)
  • Daily CyberSecurity
Urgent Patch: Notepad++ WinGUp Flaw Allowed Malware to Hijack Updates

Security researchers recently uncovered a vulnerability in the open-source text and code editor Notepad++, allowing attackers in certain regions to hijack network traffic, poison the update process, a ... Read more

Published Date: Dec 11, 2025 (1 day, 4 hours ago)
  • Daily CyberSecurity
Qualcomm Buys Ventana to Double Down on RISC-V and Custom Oryon CPU

To further consolidate its technological leadership in the computing domain, Qualcomm has announced its acquisition of Ventana Micro Systems, aiming to strengthen its CPU engineering capabilities by i ... Read more

Published Date: Dec 11, 2025 (1 day, 4 hours ago)
  • Daily CyberSecurity
You’re In Control: Instagram Launches “Your Algorithm” Feature for Reels

Instagram has announced the launch of a new feature called “Your Algorithm,” marking the first time users are given direct visibility into—and control over—the topics that shape their recommendation f ... Read more

Published Date: Dec 11, 2025 (1 day, 4 hours ago)
  • Daily CyberSecurity
High-Severity Jenkins Flaws Risk Unauthenticated DoS via HTTP CLI and XSS Via Coverage Reports

The maintainers of Jenkins, the world’s leading open-source automation server, have issued a critical security advisory addressing a raft of vulnerabilities that could leave CI/CD pipelines exposed to ... Read more

Published Date: Dec 11, 2025 (1 day, 5 hours ago)
  • The Register
700+ self-hosted Gits battered in 0-day attacks with no fix imminent

Attackers are actively exploiting a zero-day bug in Gogs, a popular self-hosted Git service, and the open source project doesn't yet have a fix. More than 700 instances have been compromised in the on ... Read more

Published Date: Dec 10, 2025 (1 day, 10 hours ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-8110 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Dec. 11, 2025

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2025/12/11/4
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Dec. 11, 2025

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2025/12/11/3
  • New CVE Received by 9947ef80-c5d5-474a-bbab-97341a59000e

    Dec. 10, 2025

    Action Type Old Value New Value
    Added Description Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:X/U:X
    Added CWE CWE-22
    Added Reference http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 8.7
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability