Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

A high-severity unpatched zero-day vulnerability (CVE-2025-8110) in Gogs Git service is being actively exploited across more than 700 instances accessible over the internet. The flaw, with a CVSS score of 8.7, involves a file overwrite vulnerability in the file update API of the Go-based self-hosted Git service. Security researchers from Wiz discovered the widespread exploitation of this vulnerability. The issue allows attackers to overwrite files through the API, potentially leading to system compromise. A fix for the vulnerability is currently being developed but has not yet been released.