CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

These articles are AI-generated summaries. Please check the original sources for full details.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a high-severity vulnerability (CVE-2025-8110, CVSS score 8.7) in the self-hosted Gogs code hosting platform is being actively exploited. Wiz researchers, who discovered the flaw, report that it is a path traversal that lets an attacker achieve remote code execution on the server.

Traditional vulnerability management assumes a patch can be applied promptly; this case shows the gap that opens when none is immediately available. Roughly 1,600 Gogs servers are exposed to the internet, and with exploitation of CVE-2025-8110 under way, every unpatched, externally facing instance is a candidate for compromise and data theft.

Key Insights

  • CVE-2025-8110: discovered by Wiz in December 2025.
  • Path traversal: the flaw stems from improper symbolic link handling in the PutContents API, so a crafted file write can land outside the repository.
  • Compromised instances: about 700 Gogs instances had been identified as compromised as of January 13, 2026.
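The symlink-handling mistake named in the bullets above is a general flaw class in file-write APIs: the server checks the requested path lexically against the repository root but never resolves symlinks already present in the working tree, so a committed link such as `docs -> /etc` turns a write to `docs/passwd` into a write to `/etc/passwd`. The Go program below is an added illustration of that class beside its fix, written for this page; it is not Gogs code and does not reproduce the CVE-2025-8110 exploit. The temporary repository, the `docs` symlink, the attacker path and the `unsafeTarget`/`safeTarget` function names are all constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a write target escapes the repository root.
var ErrOutsideRoot = errors.New("write target resolves outside repository root")

// isWithin reports whether p is root itself or lies beneath it (both paths
// are expected to be already cleaned or resolved by the caller).
func isWithin(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(os.PathSeparator))
}

// unsafeTarget is the weak pattern: the caller-supplied relative path is joined
// onto the repo root and cleaned lexically, which defeats "..", but symlinks
// already present in the working tree are never followed. The returned path
// looks in-root while the filesystem write may land anywhere.
func unsafeTarget(root, rel string) (string, error) {
	target := filepath.Join(root, rel)
	if !isWithin(filepath.Clean(root), target) {
		return "", ErrOutsideRoot
	}
	return target, nil
}

// resolveExistingPrefix walks up from p until a component exists, resolves it
// through the filesystem with filepath.EvalSymlinks, and re-appends the
// not-yet-existing tail lexically. A dangling symlink in the existing prefix
// is rejected because a write there would follow the link.
func resolveExistingPrefix(p string) (string, error) {
	tail := ""
	cur := p
	for {
		real, err := filepath.EvalSymlinks(cur)
		if err == nil {
			return filepath.Join(real, tail), nil
		}
		if !errors.Is(err, os.ErrNotExist) {
			return "", err
		}
		if fi, lerr := os.Lstat(cur); lerr == nil && fi.Mode()&os.ModeSymlink != 0 {
			return "", fmt.Errorf("dangling symlink at %s: %w", cur, ErrOutsideRoot)
		}
		parent := filepath.Dir(cur)
		if parent == cur {
			return "", err
		}
		tail = filepath.Join(filepath.Base(cur), tail)
		cur = parent
	}
}

// safeTarget is the hardened form: resolve the root and the requested path
// through the filesystem first, then check containment of the real path.
func safeTarget(root, rel string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	realTarget, err := resolveExistingPrefix(filepath.Join(realRoot, rel))
	if err != nil {
		return "", err
	}
	if !isWithin(realRoot, realTarget) {
		return "", ErrOutsideRoot
	}
	return realTarget, nil
}

// DemoResult records what each checker does with the same attacker-chosen path.
type DemoResult struct {
	LexicalTarget string // what unsafeTarget accepts (looks inside the repo)
	RealTarget    string // where a write to LexicalTarget actually lands
	Escaped       bool   // RealTarget is under the directory outside the repo
	SafeRejected  bool   // safeTarget refused the same path with ErrOutsideRoot
	BenignOK      bool   // safeTarget still accepts an ordinary in-repo path
}

// DemoSymlinkEscape builds a throwaway repo containing a symlink that points
// outside it (constructed scenario) and runs both checkers against it.
func DemoSymlinkEscape() (DemoResult, error) {
	var r DemoResult
	base, err := os.MkdirTemp("", "symlink-demo-")
	if err != nil {
		return r, err
	}
	defer os.RemoveAll(base)
	root, outside := filepath.Join(base, "repo"), filepath.Join(base, "outside")
	for _, d := range []string{root, outside} {
		if err := os.MkdirAll(d, 0o755); err != nil {
			return r, err
		}
	}
	// The "committed" symlink: repo/docs -> <outside>
	if err := os.Symlink(outside, filepath.Join(root, "docs")); err != nil {
		return r, err
	}
	realOutside, err := filepath.EvalSymlinks(outside)
	if err != nil {
		return r, err
	}

	attackerPath := "docs/evil.txt"
	if r.LexicalTarget, err = unsafeTarget(root, attackerPath); err != nil {
		return r, err
	}
	if r.RealTarget, err = resolveExistingPrefix(r.LexicalTarget); err != nil {
		return r, err
	}
	r.Escaped = isWithin(realOutside, r.RealTarget)
	_, safeErr := safeTarget(root, attackerPath)
	r.SafeRejected = errors.Is(safeErr, ErrOutsideRoot)
	benign, benignErr := safeTarget(root, "src/main.go")
	realRoot, _ := filepath.EvalSymlinks(root)
	r.BenignOK = benignErr == nil && isWithin(realRoot, benign)
	return r, nil
}

func main() {
	r, err := DemoSymlinkEscape()
	if err != nil {
		fmt.Println("setup failed:", err)
		return
	}
	fmt.Printf("lexical check accepted:       %s\n", r.LexicalTarget)
	fmt.Printf("write would actually land at: %s (escaped=%v)\n", r.RealTarget, r.Escaped)
	fmt.Printf("symlink-aware check rejected: %v\n", r.SafeRejected)
}
```

The lexical check passes because `filepath.Join` only normalises the string; it is `filepath.EvalSymlinks` on the real root and on the deepest existing ancestor of the target that exposes where the write will go. Resolving only the existing prefix keeps creation of new files and directories working, and the dangling-symlink check closes the case where the link target does not exist yet. Note that this still leaves a window between the check and the write; a production fix would also open the parent with `O_NOFOLLOW` semantics or operate on a directory file descriptor.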

Practical Applications

  • Use case: organizations that self-host Git repositories on Gogs, particularly on internet-facing instances, are at risk of server compromise.
  • Pitfall: relying solely on vulnerability scanning, without an incident response plan and an interim mitigation strategy (restricting exposure, monitoring for compromise) for the cases where no patch is available.
