CVE-2025-8110

high-risk
Published 2025-12-10

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Do I need to act?

!
19.9% chance of exploitation in next 30 days
EPSS score — higher than 80% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Gogs

References (9)

Exploit http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
Mailing List http://www.openwall.com/lists/oss-security/2025/12/11/3
Mailing List http://www.openwall.com/lists/oss-security/2025/12/11/4
Mailing List http://www.openwall.com/lists/oss-security/2026/01/17/4
Mailing List http://www.openwall.com/lists/oss-security/2026/01/18/1
Mailing List http://www.openwall.com/lists/oss-security/2026/01/18/2
Patch https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6
Exploit https://github.com/gogs/gogs/pull/8078
Third Party Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
56
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 21/34 · High
Exposure 5/34 · Minimal