Cybersecurity

Cisa Warns Of Active Exploitation Of Gogs Vulnerability Enabling... (2026)

2026-01-13 0 views admin
Cisa Warns Of Active Exploitation Of Gogs Vulnerability Enabling... (2026)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog.

The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code execution.

"Gogs Path Traversal Vulnerability: Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution," CISA said in an advisory.

Details of the shortcoming came to light last month when Wiz said it discovered it being exploited in zero-day attacks. The vulnerability essentially bypasses protections put in place for CVE-2024-55947 to achieve code execution by creating a git repository, committing a symbolic link pointing to a sensitive target, and using the PutContents API to write data to the symlink.

This, in turn, causes the underlying operating system to navigate to the actual file the symlink points to and overwrites the target file outside the repository. An attacker could leverage this behavior to overwrite Git configuration files, specifically the sshCommand setting, giving them code execution privileges.

Wiz said it identified 700 compromised Gogs instances. According to data from the attack surface management platform Censys, there are about 1,600 internet-exposed Gogs servers, out of which the majority of them are located in China (991), the U.S. (146), Germany (98), Hong Kong (56), and Russia (49).

There are currently no patches that address CVE-2025-8110, although pull requests on GitHub show that the necessary code changes have been made. "Once the image is built on main, both gogs/gogs:latest and gogs/gogs:next-latest will have this CVE patched," one of the project maintainers said last week.

In the absence of a fix, Gogs users are advised to disable the default open-registration setting and limit server access using a VPN or an allow-list. Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary mitigations by February 2, 2026.

Source: The Hacker News

🏷️ Tags

cybersecuritysecurityvulnerabilitycveattack

More from Cybersecurity

Essential Guide: Betterment Confirms Data Breach After Wave Of Crypto Scam Emails

Essential Guide: Betterment Confirms Data Breach After Wave Of Crypto Scam Emails

2026-01-13 0
Convincing Linkedin Comment-reply Tactic Used In New Phishing - 2025 Update

Convincing Linkedin Comment-reply Tactic Used In New Phishing - 2025 Update

2026-01-13 0
Essential Guide: Latest Attackers Abuse Python, Cloudflare To Deliver Asyncrat

Essential Guide: Latest Attackers Abuse Python, Cloudflare To Deliver Asyncrat

2026-01-13 0
Latest: Securing Agentic Ai: From Mcps And Tool Access To Shadow API Key...

Latest: Securing Agentic Ai: From Mcps And Tool Access To Shadow API Key...

2026-01-13 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views