- CISA added Gogs' CVE-2025-8110 to its catalog of known exploited vulnerabilities
- Critical symlink bypass allows unauthorized remote code execution via the PutContents API
- Over 700 Gogs servers compromised; agencies must patch by February 2, 2026
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new bug to its Known Exploited Vulnerabilities (KEV) catalog, not only signaling that it is being actively exploited in the wild, but also ordering Federal Civilian Executive Branch (FCEB) agencies to patch it or stop using the vulnerable software altogether.
The software at risk is Gogs, a self-hosted Git service that lets organizations run their own private alternatives to GitHub or GitLab.
Gogs provides a web interface for hosting Git repositories, managing users and teams, handling pull requests, code reviews, issues, and basic project documentation, all on infrastructure under the user's control. It is written in Go and designed to be light and fast. In practice, Gogs is often used for internal development environments, air-gapped networks, or companies that want full control over source code access.
Data for sale
Cybersecurity researchers from Wiz Research recently discovered a critical symlink bypass vulnerability that allows unauthenticated users to achieve Remote Code Execution (RCE) by exploiting the PutContents API. With RCE, bad guys can completely take over the underlying server by deploying malware, exfiltrating sensitive data and more.
The vulnerability is now tracked as CVE-2025-8110 and received a severity score of 8.7/10 (high). It was added to the KEV on January 12, 2026, giving FCEB agencies until February 2 to apply the patch. The fix, which can be found on GitHub, adds symlink-aware path validation at all file write entry points, effectively fixing the problem.
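To show what "symlink-aware path validation at file write entry points" means in practice, here is an added Go example written for this article; it is not code from the Gogs patch, and the helper name SafeWritePath, the directory layout it builds, and the constructed test paths are all assumptions. A purely lexical check (rejecting "..") is not enough when a repository can contain symlinks: the validator must resolve the deepest existing ancestor of the requested path on disk and confirm the resolved location still sits under the repository root before any write happens.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a requested path would resolve, after
// following symlinks, to a location outside the repository root.
var ErrOutsideRoot = errors.New("path escapes repository root")

// SafeWritePath (hypothetical helper, not Gogs' API) validates a
// user-supplied relative path against a repository root and returns the
// absolute, symlink-resolved path that a file write may use. It rejects
// absolute paths, ".." traversal, and any symlink in an ancestor component
// or the target itself that points outside root.
func SafeWritePath(root, userPath string) (string, error) {
	// Canonicalize the root first so comparisons use resolved paths
	// (on some systems the temp dir itself is a symlink).
	rootAbs, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	rootReal, err := filepath.EvalSymlinks(rootAbs)
	if err != nil {
		return "", err
	}

	// Lexical checks catch the cheap cases before touching the filesystem.
	if filepath.IsAbs(userPath) {
		return "", ErrOutsideRoot
	}
	clean := filepath.Clean(userPath)
	if clean == ".." || strings.HasPrefix(clean, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	target := filepath.Join(rootReal, clean)

	// The file being written usually does not exist yet, so walk up to the
	// deepest existing component and remember the missing tail.
	existing := target
	var missing []string
	for {
		if _, err := os.Lstat(existing); err == nil {
			break
		}
		missing = append([]string{filepath.Base(existing)}, missing...)
		parent := filepath.Dir(existing)
		if parent == existing {
			return "", ErrOutsideRoot
		}
		existing = parent
	}

	// Resolve symlinks in the existing prefix; this is the step a lexical
	// check misses, because "docs" may itself be a link to /etc.
	resolved, err := filepath.EvalSymlinks(existing)
	if err != nil {
		return "", err
	}
	resolved = filepath.Join(append([]string{resolved}, missing...)...)

	if !isWithin(rootReal, resolved) {
		return "", ErrOutsideRoot
	}
	return resolved, nil
}

// isWithin reports whether p equals root or lies beneath it.
func isWithin(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

func main() {
	// Constructed demo tree: root/docs (real dir) and root/escape (symlink
	// pointing at a directory outside root).
	root, _ := os.MkdirTemp("", "repo")
	outside, _ := os.MkdirTemp("", "outside")
	defer os.RemoveAll(root)
	defer os.RemoveAll(outside)
	_ = os.Mkdir(filepath.Join(root, "docs"), 0o755)
	_ = os.Symlink(outside, filepath.Join(root, "escape"))

	for _, p := range []string{"docs/README.md", "escape/notes.txt", "../notes.txt", "/etc/hosts"} {
		out, err := SafeWritePath(root, p)
		fmt.Printf("%-18s -> %v %s\n", p, err, out)
	}
}
```

The check is performed once, at the write boundary, on the resolved path; callers then open that resolved path rather than the original user string, so there is no window in which a different path is used for validation and for the write.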
In its report, Bleeping Computer stated that, as of November 1, 2025, there had already been two separate waves of attacks exploiting this vulnerability as a zero-day. Today, there are more than 1,400 Gogs servers exposed online, and more than 700 instances already show signs of compromise.
In other words, cybercriminals seem to be having a field day with vulnerable Gogs instances while organizations lag in patching.
Via Bleeping Computer