CVE-2025-8110

UNKNOWN 0.0

⚠️ CISA KEV

File overwrite in file update API in Gogs

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

CWE	CWE-22
Vendor	gogs
Product	gogs
Published	Dec 10, 2025
Last Updated	Feb 26, 2026

⚠️ Actively Exploited — Act Now

Get instant alerts for gogs gogs

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-8110.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Gogs / Gogs

0 ≤ 0.13.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wiz.io: http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit github.com: https://github.com/gogs/gogs/pull/8078 github.com: https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110 openwall.com: http://www.openwall.com/lists/oss-security/2025/12/11/3 openwall.com: http://www.openwall.com/lists/oss-security/2025/12/11/4 openwall.com: http://www.openwall.com/lists/oss-security/2026/01/17/4 openwall.com: http://www.openwall.com/lists/oss-security/2026/01/18/1 openwall.com: http://www.openwall.com/lists/oss-security/2026/01/18/2