
Gogs path traversal in the PutContents API (CVE-2025-8110)

Vulnerability
2 unique sources, 2 articles

Summary


CISA added CVE-2025-8110, a path traversal flaw in Gogs, to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of a bug that can lead to code execution. The weakness sits in the repository file editor and stems from improper symbolic link handling in the PutContents API: a write that should stay inside the repository follows a symlink to a location outside it. Attackers can abuse this to overwrite files outside the repository and pivot to code execution through Git configuration manipulation. Wiz said the bug was used in zero-day attacks, and no patch was available when these reports were published.
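The defensive check the summary implies, as an added example and not code from Gogs or from either report: a write helper that maps a caller-supplied, repository-relative path to an on-disk path and refuses it when any component is a symbolic link whose target lies outside the repository root (dangling links included, since a write through one creates the target wherever it points). It also rejects lexical escapes and, as defense in depth against the Git-configuration pivot described above, any `.git` component. The function name, error names and the directory layout built in `main` are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Errors returned by SafeRepoPath (names are illustrative, not Gogs' own).
var (
	ErrOutsideRepo = errors.New("path resolves outside the repository root")
	ErrGitMetadata = errors.New("writes into .git are refused by the content API")
)

// SafeRepoPath returns the absolute on-disk path for relPath under repoRoot,
// or an error if the path escapes the root lexically ("../", absolute path),
// names a ".git" component, or passes through a symlink whose resolved target
// is not inside the root. Components that do not exist yet are accepted
// unchanged, since the caller is about to create them.
func SafeRepoPath(repoRoot, relPath string) (string, error) {
	root, err := filepath.EvalSymlinks(repoRoot)
	if err != nil {
		return "", fmt.Errorf("resolving repository root: %w", err)
	}
	if root, err = filepath.Abs(root); err != nil {
		return "", err
	}
	cleaned := filepath.Clean(filepath.FromSlash(relPath))
	if filepath.IsAbs(cleaned) || cleaned == ".." ||
		strings.HasPrefix(cleaned, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRepo
	}
	cur := root
	for _, part := range strings.Split(filepath.ToSlash(cleaned), "/") {
		if part == "" || part == "." {
			continue
		}
		if part == ".git" {
			return "", ErrGitMetadata
		}
		next := filepath.Join(cur, part)
		fi, err := os.Lstat(next) // Lstat inspects the link itself, never its target
		if errors.Is(err, os.ErrNotExist) {
			cur = next // not created yet, so lexically still under cur
			continue
		}
		if err != nil {
			return "", err
		}
		if fi.Mode()&os.ModeSymlink == 0 {
			cur = next
			continue
		}
		// A symlink: resolve it fully and insist that the target is inside root.
		resolved, err := filepath.EvalSymlinks(next)
		if err != nil || !within(root, resolved) {
			return "", fmt.Errorf("symlink %q: %w", part, ErrOutsideRepo)
		}
		cur = resolved
	}
	return cur, nil
}

// within reports whether p is root itself or a descendant of it.
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

func main() {
	// Constructed layout: <tmp>/repo is the repository, <tmp>/outside is where an
	// attacker wants to write, and repo/escape is a symlink pointing there.
	base, err := os.MkdirTemp("", "gogs-symlink-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	repo, outside := filepath.Join(base, "repo"), filepath.Join(base, "outside")
	for _, d := range []string{filepath.Join(repo, "docs"), outside} {
		if err := os.MkdirAll(d, 0o755); err != nil {
			panic(err)
		}
	}
	if err := os.Symlink(outside, filepath.Join(repo, "escape")); err != nil {
		panic(err)
	}
	for _, rel := range []string{"docs/README.md", "escape/config", "../outside/x", ".git/config"} {
		if p, err := SafeRepoPath(repo, rel); err != nil {
			fmt.Printf("%-16s rejected: %v\n", rel, err)
		} else {
			fmt.Printf("%-16s -> %s\n", rel, p)
		}
	}
}
```

The check is done per component rather than once on the final path so that a link in the middle of the tree (`docs` itself being a symlink, say) is caught as well as a link at the leaf; a link that resolves to somewhere still under the root is allowed, because that is legitimate repository content.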

Related Happenings

Vim and GNU Emacs file-open remote code execution flaws

Vulnerability
First: 01.04.2026 00:45 Last: 01.04.2026 00:45 Sources 1

About this happening: **Vim** and **GNU Emacs** have **file-open remote code execution** flaws that can run attacker code as soon as a crafted file is opened. The **Vim** issue affects **9.2.0271 and e...

CISA orders FCEB GitLab patching under BOD 22-01

Public Sector Action
First: 04.02.2026 17:42 Last: 04.02.2026 17:42 Sources 1

About this happening: **CISA** ordered **FCEB agencies** to patch **GitLab CE/EE** against **CVE-2021-39935**, forcing remediation of an **actively exploited SSRF flaw** within **three weeks**. The dea...

GCVE launches as a decentralized vulnerability intelligence platform

Security Tool/Service
First: 21.01.2026 12:30 Last: 21.01.2026 12:30 Sources 1

About this happening: **GCVE** launched as a **community-driven vulnerability intelligence platform**, giving defenders a **decentralized reference point** for tracking and correlating vulnerabilities...

AWS CodeBuild ACTOR_ID regex bypass security flaw

Vulnerability
First: 15.01.2026 21:31 Last: 15.01.2026 21:31 Sources 1

About this happening: **AWS CodeBuild**'s **ACTOR_ID regex filters** were misconfigured, allowing a build-trigger bypass that could expose privileged GitHub tokens and enable repository takeover. The f...

Gogs Internet-facing exploitation wave (CVE-2025-8110)

Exploitation Wave
First: 11.12.2025 15:19 Last: 11.12.2025 15:19 Sources 1

How related: In total, the researchers found over 1,400 Gogs servers exposed online, with more than 700 instances showing signs of compromise.

About this happening: **Gogs** servers were caught in a broad **active exploitation wave** that left **more than 700 compromised instances** among **1,400+ exposed servers**. The abuse centered on **CV...

Timeline

  1. 13.01.2026 09:15 3 articles

    CISA adds CVE-2025-8110 in Gogs to the KEV catalog

    Initial Disclosure

    CISA added CVE-2025-8110 in Gogs to the Known Exploited Vulnerabilities catalog after confirming active exploitation of a path traversal flaw in the PutContents API that can lead to code execution. Wiz said it observed zero-day abuse and identified 700 compromised Gogs instances, while CISA advised Gogs users to disable open registration and restrict access because no patch was available yet.

  2. 13.01.2026 09:15 1 article

    FCEB agencies face a February 2, 2026 mitigation deadline

    Legal Policy Action Update

    Federal Civilian Executive Branch agencies are required to apply the necessary mitigations for Gogs CVE-2025-8110 by February 2, 2026, including disabling the default open-registration setting and limiting server access with a VPN or an allow-list. The deadline sits alongside the still-unpatched flaw and the active-exploitation warning for Gogs deployments.

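The two configuration-side mitigations named in the timeline (disable open registration, keep unauthenticated users out), shown as an added example rather than text from CISA or from the Gogs project. The key names are the `[service]` settings in Gogs' `custom/conf/app.ini` as I recall them; confirm them against the `conf/app.ini` shipped with your Gogs version before relying on this.

```ini
; Weak: the default open-registration setting lets anyone create an account
; and then reach authenticated endpoints such as the repository file editor.
[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW  = false

; Corrected: only an admin can create accounts, and nothing is served to
; unauthenticated visitors.
[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW  = true
```

Note that `REQUIRE_SIGNIN_VIEW` only gates anonymous browsing; it does not limit who can reach the server, so it complements rather than replaces the VPN or allow-list restriction the timeline calls for, and neither setting protects against an already-registered user.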