Particle.news

CISA Puts Actively Exploited Gogs RCE on KEV, Orders Federal Fix by Feb. 2

The flaw is a symlink-based path traversal in Gogs’ PutContents API that attackers have abused for months.

Overview

  • Federal Civilian Executive Branch agencies must patch or mitigate CVE-2025-8110 by February 2, following CISA’s addition of the bug to its Known Exploited Vulnerabilities catalog.
  • The vulnerability lets authenticated users overwrite files outside a repository via symbolic links, enabling code execution by altering settings such as the sshCommand in Git configuration.
  • Wiz Research reported active exploitation since July 2025 and found roughly 1,400 internet-facing Gogs servers, with more than 700 showing signs of compromise.
  • CISA urged administrators to follow vendor guidance or discontinue use if mitigations are unavailable, and to immediately disable open registration and restrict access through VPNs or allow lists.
  • Project maintainers have made code changes to address the issue, though reporting indicates patched runtime images are not uniformly available; users should monitor for suspicious PutContents activity and for randomly named eight-character repositories.
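As an added defender-side example (not code from the article, Wiz Research or the Gogs project), this hunting script walks a Gogs storage root for the indicators the bullets name: random-looking eight-character repository names, symlinks that resolve outside their repository, and a Git config that sets sshCommand. It assumes Gogs stores bare repos as `<storage>/<owner>/<name>.git` and that the random names are alphanumeric; the repositories it scans are a constructed sample built in a temporary directory.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: Gogs keeps bare repos as <storage>/<owner>/<name>.git
RANDOM_NAME = re.compile(r"^[A-Za-z0-9]{8}$")  # 8-char names, assumed alphanumeric

def escaping_symlinks(repo: Path) -> list[str]:
    """Symlinks inside the repo whose target resolves outside the repo tree."""
    root = repo.resolve()
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):  # links are not followed
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if link.is_symlink():
                target = (link.parent / os.readlink(link)).resolve()
                if target != root and root not in target.parents:
                    hits.append(str(link.relative_to(root)))
    return hits

def sets_ssh_command(repo: Path) -> bool:
    """True if the bare repo's Git config sets sshCommand (the RCE lever)."""
    cfg = repo / "config"
    return cfg.is_file() and any(
        line.strip().lower().startswith("sshcommand")
        for line in cfg.read_text(errors="replace").splitlines())

def scan_storage(storage: Path) -> list[tuple[str, str]]:
    """Return (owner/repo, reason) findings across the whole storage root."""
    findings = []
    for repo in sorted(storage.glob("*/*.git")):
        label = f"{repo.parent.name}/{repo.name}"
        if RANDOM_NAME.fullmatch(repo.stem):
            findings.append((label, "random-looking 8-character repo name"))
        for link in escaping_symlinks(repo):
            findings.append((label, f"symlink escapes repo: {link}"))
        if sets_ssh_command(repo):
            findings.append((label, "git config sets sshCommand"))
    return findings

def demo_scan() -> list[tuple[str, str]]:
    """Constructed sample: one benign repo, one showing all three indicators."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = Path(tmp, "alice", "website.git")
        benign.mkdir(parents=True)
        (benign / "config").write_text("[core]\n\tbare = true\n")
        bad = Path(tmp, "bob", "q7Xk2pL9.git")
        bad.mkdir(parents=True)
        (bad / "config").write_text("[core]\n\tbare = true\n\tsshCommand = /tmp/not-ssh\n")
        os.symlink("../../../outside", bad / "escape")  # resolves above the repo
        return scan_storage(Path(tmp))
```

Point `scan_storage` at the real repository root of a Gogs instance to triage it; any finding on a repo nobody recognises is worth pulling the PutContents request logs for.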