- CISA added Gogs CVE-2025-8110 to its Known Exploited Vulnerabilities catalog
- Critical symlink bypass enables unauthenticated Remote Code Execution via PutContents API
- Over 700 Gogs servers compromised; agencies must patch by February 2, 2026
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new bug to its Known Exploited Vulnerabilities (KEV) catalog, signaling not only that it is being actively exploited in the wild, but also ordering Federal Civilian Executive Branch (FCEB) agencies to patch it, or stop using the vulnerable software entirely.
The software at risk is Gogs, a self-hosted Git service that lets organizations run their own private alternatives to GitHub or GitLab.
Gogs provides a web interface for hosting Git repositories, managing users and teams, handling pull requests, code reviews, issues, and basic project documentation, all on infrastructure under the user’s control. It is written in Go and designed to be lightweight and fast. In practice, Gogs is often used for internal development environments, air-gapped networks, or companies that want full control over source code access.
Data for sale
Cybersecurity researchers from Wiz Research recently found a critical symlink bypass vulnerability that allows unauthenticated users to achieve Remote Code Execution (RCE) by exploiting the PutContents API. With RCE, crooks can take over the underlying server entirely, deploying malware, exfiltrating sensitive data, and more.
The vulnerability is now tracked as CVE-2025-8110, and was given a severity score of 8.7/10 (high). It was added to KEV on January 12, 2026, giving FCEB agencies until February 2 to apply the patch. The fix, which can be found on GitHub, adds symlink-aware path validation at all file write entry points, effectively mitigating the issue.
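To show what "symlink-aware path validation at a file write entry point" means in practice, here is an added illustration in Go (Gogs's language); it is not Gogs's own code or its actual patch. The function names, the `repo`/`src` layout and the error value are assumptions; the point is the difference between a purely lexical containment check and one that resolves links before deciding whether a write stays inside the repository.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
	"strings"
)

var errOutsideRoot = errors.New("path escapes repository root")

// inside reports whether p is root itself or lies beneath it.
func inside(root, p string) bool {
	return p == root || strings.HasPrefix(p, root+string(filepath.Separator))
}

// naiveValidate is the purely lexical check: join, clean and confirm the result
// still starts with root. It cannot see a symlink inside root pointing elsewhere.
func naiveValidate(root, rel string) (string, error) {
	if full := filepath.Join(root, rel); inside(root, full) {
		return full, nil
	}
	return "", errOutsideRoot
}

// symlinkAwareValidate resolves every link on the path before the containment
// check. The file being written may not exist yet, so it resolves the deepest
// existing ancestor and re-appends the not-yet-created trailing components.
func symlinkAwareValidate(root, rel string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	existing, rest := filepath.Join(realRoot, rel), ""
	for {
		if _, err := os.Lstat(existing); err == nil {
			break // found an existing component (a symlink still counts here)
		}
		rest = filepath.Join(filepath.Base(existing), rest)
		existing = filepath.Dir(existing)
	}
	resolved, err := filepath.EvalSymlinks(existing) // follow the links, if any
	if err != nil {
		return "", err
	}
	if final := filepath.Join(resolved, rest); inside(realRoot, final) {
		return final, nil
	}
	return "", errOutsideRoot
}
```

A dangling link on the path makes `EvalSymlinks` fail, and the function fails closed rather than guessing where the write would land.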
In its report, BleepingComputer stated that by November 1, 2025, there had already been two separate waves of attacks leveraging this vulnerability as a zero-day. Today, there are more than 1,400 Gogs servers exposed online, and more than 700 instances already showing signs of compromise.
In other words, it seems that cybercriminals are having a field day with vulnerable Gogs instances, while organizations lag at patching.
Via BleepingComputer