🔴 CVE-2025-8110

High-severity RCE vulnerability (CVSS v4.0: 8.7) in the Gogs self-hosted Git service. A symbolic-link bypass of the fix for CVE-2024-55947 in the PutContents file-update API lets an authenticated user write files outside the repository, which leads to remote code execution on the host. Wiz identified over 700 compromised internet-facing instances, and exploitation was ongoing before a patch was available.

Risk Level: HIGH_RISK
MITRE Technique: T1190
CVSS Score: 8.7
Attack Vector: NETWORK
Deployment Risk: HIGH

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-12-10

Added to CISA KEV: 2026-01-12 (33 days between CVE publication and KEV listing)


🔍 Web Intelligence

Key Sources:

  • Gogs Zero-Day RCE (CVE-2025-8110) Actively Exploited | Wiz Blog

    A symlink bypass (CVE-2025-8110) of a previously patched RCE (CVE-2024-55947) allows authenticated users to overwrite files outside the repository, leading to Remote Code Execution (RCE). We identified over 700 compromised instances public-facing on the internet. As of December 1, 2025, active exploitation is ongoing, and a patch is not yet available.

  • CISA Warns of Actively Exploited Gogs Path Traversal Vulnerability

    CISA’s inclusion of CVE-2025-8110 in its KEV catalog on January 12, 2026, signals that real-world exploitation is already underway. While the specific threat actors and attack methodologies remain undisclosed, the active exploitation status elevates this vulnerability beyond theoretical concern.

  • CISA Flags Actively Exploited Gogs Vulnerability With No Patch

    Tracked as CVE-2025-8110 and rated 8.7 on the CVSS v4.0 scale, the vulnerability stems from improper handling of symbolic links in Gogs’ PutContents API. The flaw allows authenticated users to overwrite files outside a repository, which can lead directly to remote code execution (RCE).

  • Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

    A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz. The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-based self-hosted Git service. A fix for the issue is said to be currently in the works. The company said it accidentally discovered the zero-day flaw in July 2025 while investigating a malware infection on a customer's machine.

  • CISA Adds One Known Exploited Vulnerability to Catalog

    This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding ...
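The root cause the sources above describe (a file-update API that writes to a user-supplied repository path without checking whether an existing path component is a symbolic link, so the write lands outside the repository) is the classic symlink-following pattern. The Go example below is added here as an illustration; it is not Gogs code and not the Gogs patch. It shows a hardened path check that walks the requested path component by component from the repository root, rejects `..` escapes, resolves each symbolic link lexically and re-walks its target from the root so nested links are also checked, and refuses link loops. The function names (`SafeRepoPath`, `resolveWithin`), the constructed temporary directories and the attacker-style `escape` link in `main` are assumptions made for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRepo is returned when a requested path would resolve outside the repository root.
var ErrOutsideRepo = errors.New("path resolves outside repository root")

// maxLinkDepth bounds symlink re-walks so a link loop cannot recurse forever.
const maxLinkDepth = 8

// withinRoot reports whether a cleaned relative path stays inside the root (no leading "..").
func withinRoot(rel string) bool {
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// SafeRepoPath resolves relPath against root and returns the on-disk path a write may use.
// Illustrative hardened check (assumption: not Gogs' own code). It rejects absolute paths,
// lexical ".." escapes, and any existing symlink component whose target leaves the root.
func SafeRepoPath(root, relPath string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Resolve the root itself so later comparisons are against the real directory.
	absRoot, err = filepath.EvalSymlinks(absRoot)
	if err != nil {
		return "", err
	}
	if filepath.IsAbs(relPath) {
		return "", ErrOutsideRepo
	}
	clean := filepath.Clean(relPath)
	if !withinRoot(clean) {
		return "", ErrOutsideRepo
	}
	return resolveWithin(absRoot, absRoot, strings.Split(clean, string(filepath.Separator)), 0)
}

// resolveWithin walks parts from cur, inspecting each existing component with Lstat.
// A symlink is not followed by the OS; its target is checked lexically against root and
// then re-walked from root, so symlinks inside the target are checked too. Components
// that do not exist yet cannot be symlinks and are appended as-is.
func resolveWithin(root, cur string, parts []string, depth int) (string, error) {
	if depth > maxLinkDepth {
		return "", errors.New("too many levels of symbolic links")
	}
	for i, p := range parts {
		if p == "" || p == "." {
			continue
		}
		next := filepath.Join(cur, p)
		fi, err := os.Lstat(next)
		if err != nil {
			if os.IsNotExist(err) {
				return filepath.Join(append([]string{cur}, parts[i:]...)...), nil
			}
			return "", err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			target, err := os.Readlink(next)
			if err != nil {
				return "", err
			}
			if !filepath.IsAbs(target) {
				target = filepath.Join(cur, target)
			}
			rel, err := filepath.Rel(root, filepath.Clean(target))
			if err != nil || !withinRoot(rel) {
				return "", ErrOutsideRepo
			}
			rest := append(strings.Split(rel, string(filepath.Separator)), parts[i+1:]...)
			return resolveWithin(root, root, rest, depth+1)
		}
		cur = next
	}
	return cur, nil
}

func main() {
	// Constructed demo: a throwaway repository root and a directory outside it.
	root, err := os.MkdirTemp("", "repo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	outside, _ := os.MkdirTemp("", "outside")
	defer os.RemoveAll(outside)
	// An attacker-controlled symlink committed into the repo, pointing outside it.
	_ = os.Symlink(outside, filepath.Join(root, "escape"))
	for _, req := range []string{"README.md", "escape/authorized_keys", "../../etc/cron.d/job"} {
		p, err := SafeRepoPath(root, req)
		fmt.Printf("%-24s -> err=%v path=%s\n", req, err, p)
	}
}
```

The important design choice is that the check uses Lstat and Readlink rather than opening the path: a naive prefix check on the cleaned string, or a check that runs EvalSymlinks only on the final path, accepts `escape/authorized_keys` because the string looks like it is inside the repo, while the kernel follows the link and the write lands outside. Checking the link target lexically and re-walking from the root also covers dangling links, whose target does not exist yet but would be created by the write.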