A critical zero-day vulnerability in Gogs, tracked as CVE-2025-8110, has been actively exploited in the wild, prompting urgent action from administrators. The flaw, which carries a CVSS score of 8.8, is due to improper symbolic link handling in the PutContents API, allowing attackers to execute code locally on affected systems. This vulnerability, categorized under CWE-22, was exploited before its disclosure, highlighting the need for immediate attention.
The vulnerability was officially published on December 10, 2025, and has since been added to the Known Exploited Vulnerabilities (KEV) catalog as of January 12, 2026. The Exploit Prediction Scoring System (EPSS) rates it at 0.214, indicating a significant likelihood of exploitation. With 16 proof-of-concept exploits already available, the threat landscape is rapidly evolving, and the Security Severity Vulnerability Classification (SSVC) advises immediate attention.
Gogs users are at risk of unauthorized code execution, which could lead to data breaches or system compromise. The exploitation of this vulnerability before its public disclosure underscores the sophisticated tactics employed by attackers, who have leveraged this flaw to gain unauthorized access to systems running vulnerable versions of Gogs.
Administrators are urged to apply patches as soon as they become available to mitigate the risk of exploitation. In the interim, reviewing system configurations and monitoring for unusual activity is recommended to detect potential breaches. The urgency of addressing this vulnerability cannot be overstated, given its active exploitation and the availability of multiple proof-of-concept exploits.
CSURFACE