Improper Symbolic Link Handling in Gogs Product by Gogs Team
CVE-2025-8110
8.7HIGH
Key Information:
Badges
π° RansomwareπΎ Exploit Existsπ° News Worthy
What is CVE-2025-8110?
The vulnerability in the PutContents API of Gogs arises from improper handling of symbolic links, potentially allowing local execution of arbitrary code. This misconfiguration may expose sensitive data and facilitate unauthorized access to critical systems. Users and administrators are urged to update their Gogs installations to mitigate the risks associated with this issue.
Affected Version(s)
Gogs Linux 0 <= 0.13.3
News Articles
The Hacker NewsCVE-2025-8110Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
Unpatched Gogs flaw CVE-2025-8110 enables file overwrite and code execution, driving over 700 confirmed compromises.
2 hours ago
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- π°
Used in Ransomware
- πΎ
Exploit known to exist
- π°
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved