The Cybersecurity and Infrastructure Security Agency (CISA) has added a dangerous new entry to its “Must-Patch” list, warning that a popular tool used by developers worldwide is actively being exploited to breach networks. The vulnerability, tracked as CVE-2025-8110, affects Gogs, a widely deployed self-hosted Git service.
What makes CVE-2025-8110 particularly insidious is that it is a bypass of a previous security fix. The vulnerability, rated with a high-severity CVSS score of 8.7, allows attackers to skirt the protections put in place for an earlier remote code execution (RCE) bug, CVE-2024-55947.
The attack vector relies on a “symlink bypass.” While the original patch attempted to stop malicious file manipulations, it failed to account for this specific method. Consequently, an authenticated user can leverage path traversal techniques to overwrite files outside the designated repository directory.
In practical terms, this allows a rogue user—or an attacker who has compromised a low-level developer account—to escape the application’s sandbox and execute arbitrary code on the underlying server.
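The defensive counterpart to the symlink bypass described above is a path check that follows symlinks before deciding whether a write stays inside the repository; the Go function below is an added example written for this article, not Gogs' own code, and the names `SafeRepoPath`, `inside` and `ErrEscapesRoot` are chosen here for illustration.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
	"strings"
)

var ErrEscapesRoot = errors.New("path escapes repository root")

// inside reports whether p is root itself or lies beneath it (lexically).
func inside(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// SafeRepoPath resolves rel against root and returns the absolute target only
// if, after following symlinks, it still lies inside root. A lexical check alone
// stops "../" traversal but not a symlink inside the repo that points elsewhere.
func SafeRepoPath(root, rel string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	if filepath.IsAbs(rel) {
		return "", ErrEscapesRoot
	}
	full := filepath.Join(realRoot, filepath.Clean(rel))
	if !inside(realRoot, full) {
		return "", ErrEscapesRoot
	}
	// The target may not exist yet (a file about to be written), so walk up to
	// the deepest existing ancestor and resolve every symlink on that path.
	probe := full
	for _, err := os.Lstat(probe); err != nil; _, err = os.Lstat(probe) {
		probe = filepath.Dir(probe)
	}
	resolved, err := filepath.EvalSymlinks(probe)
	if err != nil {
		return "", err
	}
	if !inside(realRoot, resolved) {
		return "", ErrEscapesRoot
	}
	return full, nil
}
```

A dangling symlink on the path makes `EvalSymlinks` fail, which the function treats as a rejection rather than guessing where the write would land.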
The flaw was first identified as an actively exploited zero-day on July 10, 2025, by researchers at Wiz Research. Since then, evidence of active exploitation has mounted, prompting CISA’s intervention.
Because Gogs is written in Go and designed to be lightweight, it has become a favorite alternative to heavier platforms like GitLab or GitHub Enterprise. It is frequently deployed in both on-premise data centers and cloud environments. Crucially, because it is a collaboration tool, these instances are often exposed to the public internet, making them accessible targets for scanners and automated exploit scripts.
Federal Civilian Executive Branch (FCEB) agencies have been given a strict deadline of February 2, 2026, to secure their servers or disconnect them entirely.
Organizations running Gogs should assume their instances are targets. Administrators are urged to check for the latest security updates immediately and ensure that their deployments are restricted from the open internet wherever possible.