CVE-2025-8110: Gogs Path Traversal Vulnerability

CVE ID

CVE-2025-8110

Vulnerability Name

Gogs Path Traversal Vulnerability

• Project: Gogs
• Product: Gogs

Date

• Date Added: 2026-01-12
• Due Date: 2026-02-02

Description

Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8110

Related Security News

• CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List