PT-2025-50327 · Gogs · Gogs

Published: 2025-10-30 · Updated: 2026-01-13 · CVE-2025-8110

CVSS v2.0: 9.0
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.13.3
Description: Gogs, a self-hosted Git service, is affected by a zero-day vulnerability (CVE-2025-8110) that allows remote code execution (RCE). The flaw stems from improper handling of symbolic links in the PutContents API: an authenticated user can bypass the earlier safeguards, traverse outside the intended repository and overwrite critical files on the host, potentially gaining control of the compromised system. The PutContents API is the primary entry point for exploitation. Approximately 1,400 Gogs servers were identified as publicly accessible, and over 700 of them have been confirmed as compromised, with evidence suggesting that the attackers deployed the Supershell malware.
Recommendations: Disable open registration. Restrict server access through VPNs or allow lists. Investigate existing repositories for suspicious activity related to the PutContents API. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
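The class of flaw described above is a content-write API that follows a symbolic link already present in the checkout and so writes outside the repository. The following Go program is an added, defensive illustration of the check that prevents it; it is not code from Gogs or from this advisory, and the names ResolveWritePath, SafePutContents and ErrEscapesRoot are assumptions for the example, not Gogs identifiers. The point it makes is that a lexical check on the request path is not enough: the existing prefix of the target must be resolved with EvalSymlinks before containment is tested.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot is returned when the requested path, after symlink
// resolution, would land outside the repository checkout.
var ErrEscapesRoot = errors.New("path escapes repository root")

// ResolveWritePath returns the real filesystem location that a write to
// relPath inside root would touch, or ErrEscapesRoot if that location lies
// outside root. Symlinks on the longest existing prefix of the target are
// resolved, so a link left in an earlier commit cannot redirect the write.
func ResolveWritePath(root, relPath string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	realRoot, err := filepath.EvalSymlinks(absRoot)
	if err != nil {
		return "", err
	}

	// Lexical guard first: absolute paths and ".." escapes are never valid.
	if filepath.IsAbs(relPath) {
		return "", ErrEscapesRoot
	}
	cleaned := filepath.Clean(relPath)
	if cleaned == "." {
		return "", errors.New("empty path")
	}
	if cleaned == ".." || strings.HasPrefix(cleaned, ".."+string(filepath.Separator)) {
		return "", ErrEscapesRoot
	}
	target := filepath.Join(realRoot, cleaned)

	// Walk up to the deepest component that already exists on disk,
	// remembering the components that still have to be created.
	existing := target
	var pending []string
	for {
		if _, err := os.Lstat(existing); err == nil {
			break
		} else if !errors.Is(err, os.ErrNotExist) {
			return "", err
		}
		pending = append([]string{filepath.Base(existing)}, pending...)
		parent := filepath.Dir(existing)
		if parent == existing {
			return "", ErrEscapesRoot
		}
		existing = parent
	}

	// Resolve every symlink in the existing prefix, re-append the tail that
	// does not exist yet, and test containment on the real path.
	resolved, err := filepath.EvalSymlinks(existing)
	if err != nil {
		return "", err
	}
	final := filepath.Join(append([]string{resolved}, pending...)...)
	if final != realRoot && !strings.HasPrefix(final, realRoot+string(filepath.Separator)) {
		return "", ErrEscapesRoot
	}
	return final, nil
}

// SafePutContents is the hardened write: it only touches the path that
// ResolveWritePath has confirmed to be inside root.
func SafePutContents(root, relPath string, data []byte) error {
	dst, err := ResolveWritePath(root, relPath)
	if err != nil {
		return err
	}
	if err := os.MkdirAll(filepath.Dir(dst), 0o755); err != nil {
		return err
	}
	return os.WriteFile(dst, data, 0o644)
}

func main() {
	// Constructed scenario: a checkout that contains a symlink to a directory
	// outside the repository, such as one left in an earlier commit.
	repo, _ := os.MkdirTemp("", "repo")
	outside, _ := os.MkdirTemp("", "outside")
	defer os.RemoveAll(repo)
	defer os.RemoveAll(outside)
	_ = os.Symlink(outside, filepath.Join(repo, "link"))

	for _, p := range []string{"README.md", "link/planted.txt", "../planted.txt"} {
		if err := SafePutContents(repo, p, []byte("content")); err != nil {
			fmt.Printf("%-20s rejected: %v\n", p, err)
		} else {
			fmt.Printf("%-20s written inside checkout\n", p)
		}
	}
}
```

Run as a stand-alone program, the first path is written and the two others are rejected. The same resolution step is useful when investigating an existing instance: listing every symlink in a checkout whose resolved target lies outside the repository root is a direct way to find repositories prepared for this kind of write.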

Exploit

DoS

RCE

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-15737
CVE-2025-8110
GHSA-MQ8M-42GH-WQ7R

Affected Products

Gogs