Cyber Posture

CVE-2025-8110

Severity: High · CISA KEV · Active Exploitation · Public PoC

Published: 10 December 2025
Modified: 20 January 2026
KEV Added: 12 January 2026
CVSS v3.1 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1780 (percentile: 95.2)
Risk Priority: 48 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

Improper symbolic link handling in the PutContents API in Gogs allows local execution of code.

Mitigating Controls (NIST SP 800-53 r5, AI-generated)

prevent: Directly mitigates CVE-2025-8110 by requiring timely identification, reporting, and correction of the improper symbolic link handling flaw in Gogs' PutContents API; in practice, that means applying the Gogs fix for this CVE.

prevent: Prevents path traversal through symbolic links by validating the file path supplied to the PutContents API with defined tools and procedures, so that traversal sequences and symlink components are rejected before any write happens.

prevent: Enforces access control policy through a reference monitor that mediates every file system access, so that a write redirected by a manipulated symbolic link is blocked instead of landing outside the repository and leading to code execution.

Security Summary (AI-generated)

CVE-2025-8110 is an improper symbolic link handling flaw in the PutContents API of Gogs, a self-hosted Git service, that leads to code execution on the server. The page classifies it under CWE-22 (Path Traversal): in this weakness class, a symbolic link inside the tree being written lets a write that is meant to land inside the repository be redirected to a path outside it. Published on 2025-12-10, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): network-reachable, low complexity, and high impact on confidentiality, integrity and availability.

Exploitation needs an account with low privileges (PR:L) and is carried out over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Read alongside AV:N, the "local" in the description refers to where the code runs (on the Gogs host), not to where the attacker sits; the Wiz write-up cited below describes the issue as an RCE. Successful exploitation yields high confidentiality, integrity and availability impact, i.e. code execution on the affected server.
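The symlink-through-a-write-API pattern the summary above describes, together with the path-validation and file-access-mediation controls listed under Mitigating Controls, as an added Go example. This is illustrative code written for this page, not Gogs' source and not the actual CVE-2025-8110 code path: the function names unsafePutContents and safePutContents, the fixture directory layout and the sample payload are all constructed here. It shows the weak pattern (a lexical prefix check on the joined path, then a write that follows symlinks) beside a hardened writer that rejects ".." lexically, walks each path component with Lstat and refuses symlinks, and opens the leaf with O_NOFOLLOW. It assumes a Unix host (syscall.O_NOFOLLOW), Go 1.16 or later, and a writable temp directory.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

var (
	ErrOutsideRepo   = errors.New("path escapes repository root")
	ErrSymlinkInPath = errors.New("symbolic link in path refused")
)

// unsafePutContents: lexical containment check, then os.WriteFile. The check passes
// for "escape/x" even when "escape" is a symlink out of the tree, and WriteFile follows it.
func unsafePutContents(repoRoot, relPath string, data []byte) error {
	root := filepath.Clean(repoRoot)
	target := filepath.Join(root, relPath)
	if !strings.HasPrefix(target, root+"/") {
		return ErrOutsideRepo
	}
	return os.WriteFile(target, data, 0o644)
}

// safePutContents: reject ".." lexically, then walk the path one component at a time
// with Lstat so no component (leaf included) is a symlink, creating missing directories.
// The final open adds O_NOFOLLOW (Unix only) so a leaf swapped for a symlink after the
// Lstat still cannot redirect the write. ENOTDIR from a file mid-path hits the last case.
func safePutContents(repoRoot, relPath string, data []byte) error {
	root, err := filepath.Abs(repoRoot)
	if err != nil {
		return err
	}
	rel := filepath.Clean(relPath)
	if filepath.IsAbs(rel) || rel == "." || rel == ".." || strings.HasPrefix(rel, "../") {
		return ErrOutsideRepo
	}
	parts := strings.Split(rel, "/")
	cur := root
	for i, part := range parts {
		cur = filepath.Join(cur, part)
		last := i == len(parts)-1
		fi, err := os.Lstat(cur)
		switch {
		case err == nil && fi.Mode()&os.ModeSymlink != 0:
			return ErrSymlinkInPath
		case errors.Is(err, os.ErrNotExist) && !last:
			if err := os.Mkdir(cur, 0o755); err != nil {
				return err
			}
		case err != nil && !errors.Is(err, os.ErrNotExist):
			return err
		}
	}
	f, err := os.OpenFile(cur, os.O_WRONLY|os.O_CREATE|os.O_TRUNC|syscall.O_NOFOLLOW, 0o644)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.Write(data)
	return err
}

// DemoResult records what each writer did against the constructed fixture.
type DemoResult struct {
	UnsafeEscaped, SafeRefused, SafeWroteInside, TraversalRefused bool
}

// RunDemo builds a throwaway tree: base/repo is the working tree, base itself plays
// the "outside" directory, and repo/escape is a symlink (the attacker-controlled part)
// pointing at it. Both writers are then exercised against that fixture.
func RunDemo() (DemoResult, error) {
	var res DemoResult
	base, err := os.MkdirTemp("", "putcontents-demo-")
	if err != nil {
		return res, err
	}
	defer os.RemoveAll(base)
	root, outside := filepath.Join(base, "repo"), base
	if err := os.Mkdir(root, 0o755); err != nil {
		return res, err
	}
	if err := os.Symlink(outside, filepath.Join(root, "escape")); err != nil {
		return res, err
	}
	payload := []byte("constructed sample contents\n")
	// Weak writer: the prefix check passes and the symlink is followed out of the tree.
	err = unsafePutContents(root, "escape/pwned.txt", payload)
	_, statErr := os.Stat(filepath.Join(outside, "pwned.txt"))
	res.UnsafeEscaped = err == nil && statErr == nil
	// Hardened writer: refuses the symlink component, nothing lands outside.
	err = safePutContents(root, "escape/blocked.txt", payload)
	_, statErr = os.Stat(filepath.Join(outside, "blocked.txt"))
	res.SafeRefused = errors.Is(err, ErrSymlinkInPath) && errors.Is(statErr, os.ErrNotExist)
	// Hardened writer still serves a normal in-tree write, creating "docs" on the way.
	err = safePutContents(root, "docs/README.md", payload)
	got, readErr := os.ReadFile(filepath.Join(root, "docs", "README.md"))
	res.SafeWroteInside = err == nil && readErr == nil && string(got) == string(payload)
	res.TraversalRefused = errors.Is(safePutContents(root, "../evil.txt", payload), ErrOutsideRepo)
	return res, nil
}
```

Call RunDemo() on a Unix host: the weak writer lands pwned.txt outside the repository while the hardened one returns ErrSymlinkInPath and writes nothing there. The Lstat walk is still check-then-act for intermediate directories; O_NOFOLLOW on the final open only closes the race for the leaf, so a production implementation should also keep the working tree's parent directories out of reach of the users whose input reaches the API, or open components relative to a held directory descriptor.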

Patching instructions and workarounds are in the referenced advisories: the Wiz Research write-up of the Gogs CVE-2025-8110 RCE exploit (http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit) and the oss-security mailing list threads (http://www.openwall.com/lists/oss-security/2025/12/11/3, http://www.openwall.com/lists/oss-security/2025/12/11/4, http://www.openwall.com/lists/oss-security/2026/01/17/4, http://www.openwall.com/lists/oss-security/2026/01/18/1). Review them before settling on a mitigation.

Details

CWE(s):
KEV Date Added: 12 January 2026

Affected Products

Vendor: gogs
Product: gogs
Versions: ≤ 0.13.3

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The Gogs PutContents API flaw enables remote code execution via path traversal through improper symlink handling in a public-facing web application, which maps directly to T1190: Exploit Public-Facing Application. Because the vector requires low privileges (PR:L), the adversary first needs a valid account on the instance; open self-registration, where enabled, makes that step trivial.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References