CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution - The Hacker News
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
Ravie LakshmananJan 13, 2026Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code execution.
"Gogs Path Traversal Vulnerability: Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution," CISA said in an advisory.
Details of the shortcoming came to light last month, when Wiz said it had discovered the flaw being exploited in zero-day attacks. The vulnerability bypasses the protections added for CVE-2024-55947: an attacker creates a Git repository, commits a symbolic link pointing at a sensitive target, and then uses the PutContents API to write data to the path of that symlink.
Because the write follows the link, the operating system resolves it to the actual file the symlink points to and overwrites that file outside the repository. An attacker can use this to overwrite Git configuration files, specifically to set the core.sshCommand option, which Git executes in place of ssh whenever it needs to reach a remote, giving the attacker code execution on the server.
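The following Go program is an added illustration of the write pattern described above, not code from Gogs or from the Wiz or CISA write-ups. UnsafePutContents shows the weak pattern (join the user-supplied path onto the repository root and write, following whatever symlink sits there); SafePutContents shows the check a file editor needs: reject paths that climb out of the root, lstat() every component under the root and refuse symlinks, then confirm the opened inode is the path's own before truncating. The directory layout and the config payload in main() are constructed for the demo; the function names are the example's own.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Sentinel errors so callers can distinguish the two rejections.
var (
	ErrEscape  = errors.New("path escapes the repository root")
	ErrSymlink = errors.New("refusing to write through a symbolic link")
)

// UnsafePutContents is the weak pattern: join the user-controlled relative
// path onto the repository root and write. os.WriteFile follows a symlink in
// the final component, so a committed link "config -> ../outside/config"
// sends the attacker's bytes to the file outside the repository.
func UnsafePutContents(root, rel string, data []byte) error {
	return os.WriteFile(filepath.Join(root, rel), data, 0o644)
}

// SafePutContents performs the same write but (1) rejects relative paths
// that climb out of root and (2) lstat()s every component under root,
// refusing if any of them, the target file included, is a symlink.
func SafePutContents(root, rel string, data []byte) error {
	clean := filepath.Clean(rel)
	sep := string(filepath.Separator)
	if filepath.IsAbs(clean) || clean == ".." || strings.HasPrefix(clean, ".."+sep) {
		return fmt.Errorf("%q: %w", rel, ErrEscape)
	}
	cur := root
	parts := strings.Split(clean, sep)
	for i, part := range parts {
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur)
		if err != nil {
			// The target file may not exist yet; that is a normal create.
			if errors.Is(err, os.ErrNotExist) && i == len(parts)-1 {
				break
			}
			return err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return fmt.Errorf("%s: %w", cur, ErrSymlink)
		}
		if i < len(parts)-1 && !fi.IsDir() {
			return fmt.Errorf("%s: not a directory", cur)
		}
	}
	// Open without O_TRUNC, then confirm the opened inode is the path's own
	// (not a symlink swapped in between Lstat and OpenFile) before touching it.
	f, err := os.OpenFile(cur, os.O_WRONLY|os.O_CREATE, 0o644)
	if err != nil {
		return err
	}
	defer f.Close()
	opened, err := f.Stat()
	if err != nil {
		return err
	}
	onDisk, err := os.Lstat(cur)
	if err != nil {
		return err
	}
	if !os.SameFile(opened, onDisk) {
		return fmt.Errorf("%s: %w", cur, ErrSymlink)
	}
	if err := f.Truncate(0); err != nil {
		return err
	}
	_, err = f.Write(data)
	return err
}

func main() {
	// Constructed scenario: a repository containing a committed symlink whose
	// target is a file outside the repository (stand-in for a .git/config).
	base, err := os.MkdirTemp("", "gogs-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	repo, outside := filepath.Join(base, "repo"), filepath.Join(base, "outside")
	os.MkdirAll(repo, 0o755)
	os.MkdirAll(outside, 0o755)
	target := filepath.Join(outside, "config")
	os.WriteFile(target, []byte("[core]\n\teditor = vi\n"), 0o644)
	os.Symlink(filepath.Join("..", "outside", "config"), filepath.Join(repo, "config"))

	payload := []byte("[core]\n\tsshCommand = <attacker-controlled command>\n")
	fmt.Println("unsafe:", UnsafePutContents(repo, "config", payload))
	got, _ := os.ReadFile(target)
	fmt.Printf("target now contains: %q\n", got)
	fmt.Println("safe:  ", SafePutContents(repo, "config", payload))
}
```

The Lstat walk plus the SameFile check narrows the race between inspection and open but does not close it completely; a fully race-free version needs openat-style traversal that resolves each component relative to an already-opened directory handle (on Unix, opening the final component with O_NOFOLLOW, or using Go 1.24's os.Root, which confines all operations to a directory and rejects symlink escapes). Rejecting symlinks in the editor also does not stop other code paths in the application from following them, so the check belongs wherever user-controlled paths meet the working tree, not only in one API.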
Wiz said it identified 700 compromised Gogs instances. According to data from the attack surface management platform Censys, there are over 1,600 internet-exposed Gogs servers, out of which the majority are located in China (991), the U.S. (146), Germany (98), Hong Kong (56), and Russia (49).
There are currently no patches that address CVE-2025-8110, although pull requests on GitHub show that the necessary code changes have been made. "Once the image is built on main, both gogs/gogs:latest and gogs/gogs:next-latest will have this CVE patched," one of the project maintainers said last week.
In the absence of a fix, Gogs users are advised to disable the default open-registration setting, since exploitation requires an account that can create a repository, and to limit server access using a VPN or an allow-list. Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary mitigations by February 2, 2026.
Code Execution, cybersecurity, Git repository, network security, Open Source, Supply Chain Security, Threat Intelligence, Vulnerability, zero-day