- CISA added Gogs CVE-2025-8110 to its catalog of known exploited vulnerabilities
- A critical symlink bypass allows unauthenticated remote code execution via the PutContents API
- More than 700 Gogs servers compromised; agencies must patch by February 2, 2026
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new bug to its catalog of Known Exploited Vulnerabilities (KEV), indicating not only that it is being actively exploited in the wild, but also directing Federal Civil Executive Branch (FCEB) agencies to patch it or stop using the vulnerable software altogether.
The software at risk is Gogs, a self-hosted Git service that lets organizations run their own private alternative to GitHub or GitLab.
Gogs provides a web interface for hosting Git repositories, managing users and teams, and handling pull requests, code reviews, issues, and basic project documentation, all on infrastructure under the user's control. It is written in Go and designed to be lightweight and fast. In practice, Gogs is often used for internal development environments, isolated networks, or companies that want full control over access to their source code.
Data for sale
Cybersecurity researchers at Wiz Research recently found a critical symlink bypass vulnerability that allows unauthenticated users to achieve remote code execution (RCE) by exploiting the PutContents API. With RCE, criminals can completely take over the underlying server, deploy malware, leak sensitive data, and more.
The vulnerability is now tracked as CVE-2025-8110 and has been assigned a severity score of 8.7/10 (High). It was added to KEV on January 12, 2026, giving FCEB agencies until February 2 to apply the patch. The fix, available on GitHub, adds symlink-based path validation on all file write entry points, effectively mitigating the issue.
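To illustrate the kind of check the fix describes, here is an added Go example (not code from Gogs or the patch): it validates a repository-relative write path by resolving symlinks and rejecting any target whose resolved location leaves the repository root. The function name SafeWritePath, the temp-dir layout and the sample paths are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrOutsideRepo = errors.New("write path escapes repository root")

// SafeWritePath validates a repository-relative path before a file write: it
// rejects lexical traversal, resolves symlinks on the deepest existing ancestor
// (the target may not exist yet) and requires the result to stay inside the repo.
func SafeWritePath(repoRoot, rel string) (string, error) {
	root, err := filepath.EvalSymlinks(repoRoot)
	if err != nil {
		return "", err
	}
	sep := string(filepath.Separator)
	clean := filepath.Clean(rel)
	if filepath.IsAbs(clean) || clean == ".." || strings.HasPrefix(clean, ".."+sep) {
		return "", ErrOutsideRepo
	}
	// Peel off the not-yet-existing tail so EvalSymlinks has a real path to resolve.
	existing, tail := filepath.Join(root, clean), []string{}
	for _, statErr := os.Lstat(existing); statErr != nil; _, statErr = os.Lstat(existing) {
		tail = append([]string{filepath.Base(existing)}, tail...)
		existing = filepath.Dir(existing)
	}
	resolved, err := filepath.EvalSymlinks(existing)
	if err != nil {
		return "", err
	}
	final := filepath.Join(append([]string{resolved}, tail...)...)
	if final != root && !strings.HasPrefix(final, root+sep) {
		return "", ErrOutsideRepo
	}
	return final, nil
}

func main() {
	// Constructed layout: a temp dir acts as the repo; "link" points to its parent, outside the repo.
	dir, _ := os.MkdirTemp("", "gogs-demo")
	defer os.RemoveAll(dir)
	os.Symlink(os.TempDir(), filepath.Join(dir, "link"))
	for _, p := range []string{"docs/new.md", "link/evil.sh", "../etc/passwd"} {
		_, err := SafeWritePath(dir, p)
		fmt.Printf("%-14s -> %v\n", p, err)
	}
}
```

The ordinary path is accepted while the path through the symlink and the traversal attempt are both rejected with ErrOutsideRepo; a dangling symlink is rejected as well because EvalSymlinks fails on it.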
As BleepingComputer reported on November 1, 2025, there had already been two separate waves of attacks exploiting this zero-day vulnerability. Today, more than 1,400 Gogs servers are exposed online, and more than 700 instances already show signs of compromise.
In other words, cybercriminals are making the most of vulnerable Gogs instances while organizations drag their feet on applying the patch.
Via BleepingComputer