

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
Published:
13 January 2026 at 07:15:00
Alert date:
13 January 2026 at 09:00:37
Source:
thehackernews.com
Web Technologies, Zero-Day Vulnerabilities, Enterprise Applications
CISA has warned of active exploitation of a high-severity vulnerability in Gogs, the self-hosted Git service, tracked as CVE-2025-8110 (CVSS score 8.7). The flaw is a path traversal in the repository file editor that leads to code execution on the server. CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog on the basis of confirmed exploitation in the wild.
Technical details
CVE-2025-8110 is a path traversal vulnerability in the Gogs repository file editor (CVSS score 8.7). The root cause is improper handling of symbolic links in the PutContents API, which lets a user who can create a repository write files outside that repository and ultimately execute code. The flaw bypasses the fix for CVE-2024-55947: the attacker creates a Git repository, commits a symbolic link that points at a sensitive target, and then calls the PutContents API to write data to the symlink. The operating system follows the link, so the write lands on the target file outside the repository rather than on a file inside it. By overwriting Git configuration in this way, specifically the core.sshCommand setting, the attacker can make Git run an attacker-chosen command and thereby achieve code execution on the server.
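To make the symlink point concrete, here is an added Go example (not Gogs' own code; the helper names are hypothetical) that puts a writer with the flaw described above beside a hardened one and exercises both against a constructed temporary layout: a repository directory containing a symlink to a file outside it and another symlink to a directory outside it, standing in for the "committed symbolic link" in the advisory.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRepo is returned when a write would leave the repository directory.
var ErrOutsideRepo = errors.New("refusing write: path resolves outside the repository")

// putContentsVulnerable models the flaw the advisory describes (hypothetical
// helper, not Gogs' code): ".." is cleaned away, so plain traversal fails, but
// the write goes through whatever sits at the path. If a component is a
// symlink the OS follows it and the data lands on the link target instead.
func putContentsVulnerable(repoRoot, relPath string, data []byte) error {
	target := filepath.Join(repoRoot, filepath.Clean("/"+relPath))
	return os.WriteFile(target, data, 0o644)
}

// putContentsHardened does the same lexical cleaning, then Lstats every
// component below the root and refuses if any of them is a symbolic link.
func putContentsHardened(repoRoot, relPath string, data []byte) error {
	root, err := filepath.Abs(repoRoot)
	if err != nil {
		return err
	}
	target := filepath.Join(root, filepath.Clean("/"+relPath))
	if !strings.HasPrefix(target, root+string(os.PathSeparator)) {
		return ErrOutsideRepo
	}
	rel, _ := filepath.Rel(root, target)
	cur := root
	for _, part := range strings.Split(rel, string(os.PathSeparator)) {
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur)
		if errors.Is(err, os.ErrNotExist) {
			break // nothing exists below here, so nothing below can be a link
		}
		if err != nil {
			return err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return fmt.Errorf("%w: %s is a symbolic link", ErrOutsideRepo, cur)
		}
	}
	return os.WriteFile(target, data, 0o644)
}

// Outcome records what each writer did to a file living outside the repository.
type Outcome struct {
	VulnerableFollowedFileLink bool // outside file overwritten via "link"
	VulnerableFollowedDirLink  bool // outside file overwritten via "dirlink/victim"
	HardenedRejectedFileLink   bool
	HardenedRejectedDirLink    bool
	HardenedPreservedOutside   bool // outside file untouched after the hardened attempts
	HardenedWroteNormalFile    bool // an ordinary in-repo write still succeeds
}

const original, payload = "original\n", "attacker\n"

// RunDemo builds a constructed layout under a temp dir and exercises both writers:
//   tmp/victim          the "sensitive target" outside the repository
//   tmp/repo/link    -> tmp/victim   (symlink to a file)
//   tmp/repo/dirlink -> tmp          (symlink to a directory)
func RunDemo() (Outcome, error) {
	var o Outcome
	tmp, err := os.MkdirTemp("", "gogs-symlink-demo")
	if err != nil {
		return o, err
	}
	defer os.RemoveAll(tmp)
	repo, victim := filepath.Join(tmp, "repo"), filepath.Join(tmp, "victim")
	if err := os.Mkdir(repo, 0o755); err != nil {
		return o, err
	}
	if err := os.Symlink(victim, filepath.Join(repo, "link")); err != nil {
		return o, err
	}
	if err := os.Symlink(tmp, filepath.Join(repo, "dirlink")); err != nil {
		return o, err
	}
	reset := func() { _ = os.WriteFile(victim, []byte(original), 0o644) }
	outsideIs := func(s string) bool { b, _ := os.ReadFile(victim); return string(b) == s }

	reset()
	_ = putContentsVulnerable(repo, "link", []byte(payload))
	o.VulnerableFollowedFileLink = outsideIs(payload)
	reset()
	_ = putContentsVulnerable(repo, "dirlink/victim", []byte(payload))
	o.VulnerableFollowedDirLink = outsideIs(payload)

	reset()
	o.HardenedRejectedFileLink = errors.Is(putContentsHardened(repo, "link", []byte(payload)), ErrOutsideRepo)
	o.HardenedRejectedDirLink = errors.Is(putContentsHardened(repo, "dirlink/victim", []byte(payload)), ErrOutsideRepo)
	o.HardenedPreservedOutside = outsideIs(original)
	o.HardenedWroteNormalFile = putContentsHardened(repo, "README.md", []byte(payload)) == nil
	return o, nil
}

func main() {
	o, err := RunDemo()
	fmt.Printf("%+v err=%v\n", o, err)
}
```

The per-component Lstat walk catches a symlinked directory as early as a symlinked file, which matters because a single check on the final path would miss the "dirlink/victim" shape. It is still a check-then-write: a process that can race the writer could swap a component between Lstat and WriteFile. O_NOFOLLOW only protects the last component; on Linux 5.6 and later, openat2 with RESOLVE_BENEATH makes the kernel enforce the containment for the whole path.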
Mitigation steps:
Disable the default open-registration setting and restrict access to the server with a VPN or an allow-list, so that untrusted users cannot obtain the account needed to create a repository. Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary mitigations by February 2, 2026. Watch for a fixed release: the pull requests on GitHub (linked below) contain the necessary code changes, which will be available in the gogs/gogs:latest and gogs/gogs:next-latest container images.
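Until a patched build is deployed, the technical details above give a concrete artifact to hunt for: a core.sshCommand entry in a repository's Git config that nobody on the team put there. The following Go program is an added example, not code from Gogs or from the advisory; it walks a repository storage directory, scans every Git config file for sshCommand under [core] and reports each hit with its line number. The directory layout and config contents are constructed for the demo, and the value /tmp/evil.sh is a placeholder.

```go
package main

import (
	"bufio"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// Finding is one sshCommand entry located in a Git config file.
type Finding struct {
	Path  string // config file containing the entry
	Line  int    // 1-based line number
	Value string // the configured command, as written
}

// scanGitConfig reports every sshCommand key under a [core] section of one
// file. Git matches section and key names case-insensitively, so the
// comparison uses EqualFold rather than exact matching.
func scanGitConfig(path string) ([]Finding, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	var out []Finding
	inCore := false
	sc := bufio.NewScanner(f)
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") {
			inCore = strings.EqualFold(strings.Trim(line, "[] \t"), "core")
			continue
		}
		if !inCore || line == "" || line[0] == '#' || line[0] == ';' {
			continue
		}
		k, v, ok := strings.Cut(line, "=")
		if ok && strings.EqualFold(strings.TrimSpace(k), "sshCommand") {
			out = append(out, Finding{Path: path, Line: n, Value: strings.TrimSpace(v)})
		}
	}
	return out, sc.Err()
}

// huntSSHCommand walks root and scans every file named "config" that sits
// directly inside a directory whose name ends in ".git" (a bare repository,
// which is how Gogs stores repositories, or the .git directory of a clone).
func huntSSHCommand(root string) ([]Finding, error) {
	var out []Finding
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() || d.Name() != "config" || !strings.HasSuffix(filepath.Base(filepath.Dir(p)), ".git") {
			return nil
		}
		found, err := scanGitConfig(p)
		if err != nil {
			return err
		}
		out = append(out, found...)
		return nil
	})
	return out, err
}

// Constructed sample config files: one untouched, one carrying an sshCommand.
const cleanConfig = "[core]\n\trepositoryformatversion = 0\n\tbare = true\n"
const tamperedConfig = "[core]\n\tbare = true\n\tsshCommand = /tmp/evil.sh\n[remote \"origin\"]\n\turl = git@example.invalid:bob/pwned.git\n"

// RunHunt lays out two bare repositories plus a decoy "config" that is not in
// a Git directory, then runs the hunt over them.
func RunHunt() ([]Finding, error) {
	root, err := os.MkdirTemp("", "gogs-hunt")
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(root)
	files := map[string]string{
		"alice/clean.git/config": cleanConfig,
		"bob/pwned.git/config":   tamperedConfig,
		"bob/notes/config":       tamperedConfig, // not a Git directory, must be ignored
	}
	for rel, body := range files {
		p := filepath.Join(root, rel)
		if err := os.MkdirAll(filepath.Dir(p), 0o755); err != nil {
			return nil, err
		}
		if err := os.WriteFile(p, []byte(body), 0o644); err != nil {
			return nil, err
		}
	}
	return huntSSHCommand(root)
}

func main() {
	findings, err := RunHunt()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%s:%d sshCommand = %s\n", f.Path, f.Line, f.Value)
	}
}
```

Point huntSSHCommand at the Gogs repository root on a real server rather than the temp tree. The scanner only reads repository-local config; Git also honours system and per-user config, files pulled in through [include] and [includeIf], and the GIT_SSH_COMMAND environment variable, so a full sweep should cover those locations as well. Any hit is a reason to diff that config against a known-good copy, not an automatic verdict, since an administrator may have set the key legitimately.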
Affected products:
Gogs
Related links:
https://github.com/gogs/gogs
https://www.cisa.gov/news-events/alerts/2026/01/12/cisa-adds-one-known-exploited-vulnerability-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2025-8110
https://thehackernews.com/2025/12/unpatched-gogs-zero-day-exploited.html
https://platform.censys.io/search?q=host.services.endpoints.http.html_title%3A%22Sign+In+-+Gogs%22
https://github.com/gogs/gogs/pull/8078
https://github.com/gogs/gogs/pull/8082
https://github.com/gogs/gogs/issues/8071
Related CVEs:
CVE-2024-55947
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.

