- CISA added Gogs CVE-2025-8110 to its catalog of known exploited vulnerabilities
- Critical Symlink Bypass Allows Unauthenticated Remote Code Execution via PutContents API
- More than 700 Gogs servers compromised; agencies must update by February 2, 2026
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new bug to its Catalog of Known Exploited Vulnerabilities (KEVs), not only reporting that it is actively exploited in the wild, but also ordering Federal Civilian Executive Branch (FCEB) agencies to patch it or stop using the vulnerable software altogether.
The software at risk is Gogs, a self-hosted Git service that allows organizations to manage their own private alternatives to GitHub or GitLab.
Gogs provides a web interface for hosting Git repositories, managing users and teams, and handling pull requests, code reviews, issues, and core project documentation, all on infrastructure under the user's control. It is written in Go and designed to be lightweight and fast. In practice, Gogs is often used in internal development environments, on isolated networks, or by companies that want full control over source code access.
Data for sale
Cybersecurity researchers at Wiz Research recently discovered a critical symlink bypass vulnerability that allows unauthenticated users to perform remote code execution (RCE) by leveraging the PutContents API. With RCE, cybercriminals can completely take over the underlying server, deploy malware, exfiltrate sensitive data, and more.
The vulnerability is now identified as CVE-2025-8110 and has received a severity score of 8.7/10 (high). It was added to KEV on January 12, 2026, giving FCEB agencies until February 2 to apply the patch. The fix, available on GitHub, adds symlink-aware path validation to all file write entry points, effectively mitigating the issue.
According to a BleepingComputer report, as of November 1, 2025, there had already been two separate waves of attacks exploiting this vulnerability as a zero-day. Today, more than 1,400 Gogs servers are exposed online and more than 700 instances already show signs of compromise.
In other words, it appears that cybercriminals are having a field day with vulnerable Gogs instances, while organizations are lagging behind in patching.
Via BleepingComputer




