The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Gogs vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming it is being actively exploited in the wild.
The flaw, CVE-2025-8110 (CVSS 8.7), impacts Gogs and arises from a path traversal issue in the repository file editor. Improper handling of symbolic links in the PutContents API allows attackers to write files outside the repository, ultimately leading to remote code execution.
The vulnerability was discovered last month by Wiz, which observed zero-day exploitation. The attack bypasses protections added for CVE-2024-55947 by creating a repository, committing a symbolic link to a sensitive file, and using the vulnerable API to overwrite that file. Attackers can modify Git configuration files, such as the sshCommand setting, to gain code execution.
Wiz estimates that around 700 Gogs instances have already been compromised. Data from Censys indicates roughly 1,600 internet-exposed Gogs servers, primarily located in China, the U.S., Germany, Hong Kong, and Russia.
No official patch is currently available, though fixes have been merged into the main codebase. Maintainers say updated images (gogs/gogs:latest and gogs/gogs:next-latest) will include the fix once rebuilt. Until then, users should disable open registration and restrict access via VPNs or allow-lists. U.S. Federal Civilian Executive Branch agencies must apply mitigations by February 2, 2026.
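The root cause described above is a write API that trusts a repository-relative path without noticing that one of its components is a symbolic link. The following Go example, added here and not taken from the article or from the Gogs codebase, shows the kind of check a hardened file editor needs before it writes: it rejects lexical traversal and refuses any existing path component that is a symlink. The names `SafeRepoPath`, `Demo` and `ErrOutsideRepo`, and the temporary-directory scenario, are assumptions constructed for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrOutsideRepo = errors.New("refusing write: path escapes repository or crosses a symlink")

// SafeRepoPath maps relPath into repoRoot, refusing lexical escapes ("../") and any existing
// path component that is a symlink, so an editor write cannot be redirected outside the
// working tree. Hypothetical helper written for this example, not Gogs' own code.
func SafeRepoPath(repoRoot, relPath string) (string, error) {
	root, err := filepath.Abs(repoRoot)
	if err != nil { return "", err }
	target := filepath.Join(root, relPath) // Join also cleans "a/../../b" forms
	rel, ok := strings.CutPrefix(target, root+string(filepath.Separator))
	if !ok { return "", ErrOutsideRepo } // lexical traversal out of the repository
	cur := root
	for _, part := range strings.Split(rel, string(filepath.Separator)) {
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur) // Lstat reports a link instead of following it
		if errors.Is(err, os.ErrNotExist) {
			return target, nil // nothing below this point exists yet, so nothing can be a link
		}
		if err != nil || fi.Mode()&os.ModeSymlink != 0 {
			return "", errors.Join(err, ErrOutsideRepo) // a link anywhere on the path is refused
		}
	}
	return target, nil
}

// Demo sets up a constructed scenario in a temp dir: a repo containing a symlink to a
// file outside it. Returns whether the link path is refused and a normal path accepted.
func Demo() (refusedLink, acceptedNormal bool) {
	base, _ := os.MkdirTemp("", "gogs-demo")
	defer os.RemoveAll(base)
	repo, outside := filepath.Join(base, "repo"), filepath.Join(base, "outside.cfg")
	err := errors.Join(os.Mkdir(repo, 0o755), os.WriteFile(outside, []byte("cfg\n"), 0o644),
		os.Symlink(outside, filepath.Join(repo, "link"))) // the link "committed" to the repo
	if err != nil { panic(err) }
	_, linkErr := SafeRepoPath(repo, "link")
	_, okErr := SafeRepoPath(repo, "docs/README.md")
	return errors.Is(linkErr, ErrOutsideRepo), okErr == nil
}

func main() { fmt.Println(Demo()) }
```

The check is deliberately fail-closed: a permission error while inspecting a path component is treated the same as a symlink, since the editor cannot prove the write stays inside the repository.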
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news