AI description
CVE-2025-8110 is a vulnerability affecting Gogs, a self-hosted Git service. It involves improper handling of symbolic links in the PutContents API, which allows for local code execution. This flaw is a bypass of a previously patched remote code execution vulnerability, CVE-2024-55947. The vulnerability can be exploited by creating a symbolic link within a Git repository that points to a sensitive target outside the repository. By using the PutContents API to write data to the symlink, an attacker can overwrite files outside the repository. This can be leveraged to overwrite the ".git/config" file and execute arbitrary commands.
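The missing check described above can be illustrated with an added example (not Gogs code and not the project's fix): before writing to a repository-relative path, walk each component with `Lstat` and refuse anything that is a symlink or that climbs out of the tree. `ResolveWriteTarget` and `ErrUnsafePath` are hypothetical names, and the demo tree in `main` is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrUnsafePath: the target would leave the repository tree (hypothetical name).
var ErrUnsafePath = errors.New("path escapes repository or crosses a symlink")

// ResolveWriteTarget (hypothetical helper) maps a repository-relative path to a
// path under root, refusing ".." escapes and any component that is a symlink.
func ResolveWriteTarget(root, rel string) (string, error) {
	sep := string(filepath.Separator)
	clean := filepath.Clean(filepath.FromSlash(rel))
	if filepath.IsAbs(clean) || clean == "." || clean == ".." || strings.HasPrefix(clean, ".."+sep) {
		return "", ErrUnsafePath
	}
	cur := root
	for _, part := range strings.Split(clean, sep) {
		cur = filepath.Join(cur, part)
		info, err := os.Lstat(cur) // Lstat does not follow the final link
		if errors.Is(err, os.ErrNotExist) {
			continue // component not created yet, nothing to follow
		}
		if err != nil {
			return "", err
		}
		if info.Mode()&os.ModeSymlink != 0 {
			return "", ErrUnsafePath
		}
	}
	return cur, nil
}

func main() {
	// Constructed demo tree: repo/link is a symlink to a file outside repo/.
	base, _ := os.MkdirTemp("", "demo")
	defer os.RemoveAll(base)
	repo := filepath.Join(base, "repo")
	os.Mkdir(repo, 0o700)
	os.WriteFile(filepath.Join(base, "outside.txt"), []byte("x"), 0o600)
	os.Symlink(filepath.Join(base, "outside.txt"), filepath.Join(repo, "link"))
	for _, rel := range []string{"README.md", "link", "../outside.txt"} {
		_, err := ResolveWriteTarget(repo, rel)
		fmt.Printf("%-16s -> %v\n", rel, err)
	}
}
```

A check followed by a separate open is still racy if the tree can change between the two calls, so the write itself should also refuse to follow links.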
- Description: Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
- Source: 9947ef80-c5d5-474a-bbab-97341a59000e
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 8.7
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:X/U:X
- Severity: HIGH
- 9947ef80-c5d5-474a-bbab-97341a59000e
- CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 4
🚨 New high severity zero day affecting Gogs (CVE-2025-8110) actively being exploited in the wild! I’ve created a detection script to detect vulnerable instances at scale: https://t.co/JuEN7UWmZC https://t.co/MnteFZvP7K
@Hammad__Munir
13 Dec 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A high-severity unpatched security vulnerability in Gogs is actively exploited with 700+ compromised instances on the web! CVE-2025-8110 (CVSS 8.7) #CyberSecurity #Gogs #ZeroDay Source: https://t.co/yX4vfKAtp0
@JamaalChalid
12 Dec 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Gogs Zero-Day RCE (CVE-2025-8110) Actively Exploited | Wiz Blog - https://t.co/aPYjIekAyD
@piedpiper1616
12 Dec 2025
1833 Impressions
4 Retweets
9 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-8110 (Zero-Day) Detection Template: Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code GitHub: https://t.co/73o7cfwEjy Writeup: https://t.co/4nDU2Feb6r https://t.co/gI7wIuZ6g3
@DarkWebInformer
11 Dec 2025
7358 Impressions
17 Retweets
78 Likes
41 Bookmarks
3 Replies
0 Quotes
🚨 Zero-Day Alert: Gogs RCE (CVE-2025-8110) is now actively exploited! Patch immediately if you're using Gogs. Details: https://t.co/UNLob2f62v #Cybersecurity #RCE #ZeroDay #CVE20258110 #Gogs
@dxiadong527
11 Dec 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability in Gogs allows active exploitation: the CVE-2025-8110 flaw in the self-hosted Git service enables remote code execution via symbolic link manipulation, with more than 700 instances compromised and no patch available. Users should rest
@caveiratech
11 Dec 2025
56 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Gogs 0-Day Exploited in the Wild (CVE-2025-8110) https://t.co/1YhYu4n2ca #appsec
@eyalestrin
11 Dec 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Gogs zero-day CVE-2025-8110 is under active exploitation, enabling authenticated RCE across 700+ instances with no patch available. Over 50% of public-facing Gogs installs are affected. #ZeroDay https://t.co/7wQsRSCFrO
@threatcluster
11 Dec 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-8110: Gogs 0-Day Drops Supershell on 700+ Git Servers Critical RCE in Gogs self-hosted Git platform (affects all versions before 0.14.0) is being actively exploited. What's clever: attackers exploit argument injection in repository migration API to execute
@the_c_protocol
11 Dec 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Gogs 0-day (CVE-2025-8110) is being exploited in the wild. Wiz Research confirms 700+ compromised servers. Patch pending - lock down your Gogs instances. https://t.co/Ha2v5mbH10
@wiz_io
11 Dec 2025
4374 Impressions
11 Retweets
46 Likes
15 Bookmarks
0 Replies
1 Quote
An unpatched zero-day vulnerability (CVE-2025-8110) in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers. https://t.co/nHwko7LzTC
@BleepinComputer
11 Dec 2025
6422 Impressions
14 Retweets
42 Likes
7 Bookmarks
3 Replies
0 Quotes
🚨 New high severity zero day affecting Gogs (CVE-2025-8110) actively being exploited in the wild! I’ve created a detection script to detect vulnerable instances at scale: https://t.co/9si5WNN0BS Analysis from Wiz: https://t.co/3bUuRz23rJ https://t.co/30kHCvz1M6
@rxerium
11 Dec 2025
16986 Impressions
46 Retweets
222 Likes
161 Bookmarks
6 Replies
0 Quotes
📌 A high-severity security vulnerability in Gogs has been exploited, leading to the compromise of more than 700 instances on the internet. The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a file overwrite in
@Cybercachear
11 Dec 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 700+ Gogs servers hacked — no patch yet. New flaw (CVE-2025-8110) lets attackers overwrite files and run code through symbolic links, bypassing last year’s fix. Wiz found Supershell malware — often used by Chinese groups — on many hacked servers. 🔗 Read: https:
@TheHackersNews
11 Dec 2025
52076 Impressions
34 Retweets
86 Likes
23 Bookmarks
4 Replies
4 Quotes
csirt_it: #Gogs: In-the-wild exploitation detected of zero-day vulnerability CVE-2025-8110 with “high” severity Risk: 🔴 Type: 🔸 Arbitrary File Write 🔸 Remote Code Execution 🔗 https://t.co/h9dRobRYFx 👉 Mitigations available https://t.co/iK7OcrCmX0
@Vulcanux_
11 Dec 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Gogs: In-the-wild exploitation detected of zero-day vulnerability CVE-2025-8110 with “high” severity Risk: 🔴 Type: 🔸 Arbitrary File Write 🔸 Remote Code Execution 🔗 https://t.co/qMnTbsVexG 👉 Mitigations available https://t.co/OXtabCY5zh
@csirt_it
11 Dec 2025
187 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨0-Day Exploited in the Wild🚨CVE-2025-8110 (CVSS 8.7): Gogs Symlink Bypass Vulnerability Leading to RCE This vulnerability bypasses the earlier RCE fix (CVE-2024-55947) by abusing committed symlinks that the Gogs API fails to validate, allowing attackers to write outside th
@zoomeye_team
11 Dec 2025
3288 Impressions
14 Retweets
53 Likes
24 Bookmarks
2 Replies
0 Quotes
🚨0-Day Exploited in the Wild🚨CVE-2025-8110 (CVSS 8.7): Gogs Symlink Bypass Vulnerability Leading to RCE This vulnerability bypasses the earlier RCE fix (CVE-2024-55947) by abusing committed symlinks that the Gogs API fails to validate, allowing attackers to write outside th
@zoomeye_team
11 Dec 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨:CVE-2025-8110(Zero-Day) : Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code. 🔥EXP :https://t.co/TirNZDBWtc 📊308K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/HvqFGre6yO 👇
@HunterMapping
11 Dec 2025
3844 Impressions
7 Retweets
54 Likes
15 Bookmarks
4 Replies
0 Quotes
CVE-2025-8110: Gogs: Symlink bypass of a previously patched RCE https://t.co/81FMaVJ6B4 Wiz Research discovered active exploitation of a vulnerability in Gogs, a popular self-hosted Git service. Allows authenticated users to overwrite files leading to Remote Code Execution (RCE).
@oss_security
11 Dec 2025
1741 Impressions
4 Retweets
13 Likes
6 Bookmarks
0 Replies
0 Quotes
Gogs zero-day CVE-2025-8110 actively exploited, over 700 self-hosted Git instances compromised, allows authenticated RCE via file overwrite, no patch released as of Dec 1 2025. #ZeroDay https://t.co/np1ZLkEaEh
@threatcluster
11 Dec 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Wiz, Gogs 0-day exploited in the wild. CVE-2025-8110, Improper symbolic link handling in the PutContents API in Gogs allows local execution of code -- https://t.co/MowRBFBjS2
@AndreGironda
10 Dec 2025
453 Impressions
1 Retweet
3 Likes
2 Bookmarks
0 Replies
0 Quotes