Top Highlights
- Exploitation Alert: A critical vulnerability (CVE-2025-8110) in the self-hosted Git service Gogs is actively being exploited, with no patch available yet.
- Security Bypass: The flaw allows attackers to bypass a previous patch (CVE-2024-55947) linked to a remote code execution vulnerability by leveraging symbolic links, enabling unauthorized code execution.
- Widespread Impact: Wiz identified that over 700 out of 1,400 exposed Gogs instances are compromised, indicating a high breach rate and potential for extensive impact across on-premises and cloud environments.
- Urgent Recommendations: Vulnerable organizations should immediately disable open registration, limit internet exposure, and monitor for suspicious repository activity to mitigate risks.
Widespread Exploitation of Gogs Vulnerability
A serious vulnerability in the open-source Git service Gogs has come to light. Attackers have exploited this weakness for months, and currently no patch exists. Researchers from Wiz recently identified the flaw, tracked as CVE-2025-8110. It builds on a previously patched issue and once again allows attackers to execute harmful code in vulnerable environments. The Gogs service, popular for its simplicity and minimal requirements, is deployed in numerous cloud and on-premises setups. Unfortunately, many of these deployments are directly exposed to the internet for ease of collaboration.
The initial bug, CVE-2024-55947, allowed file modifications outside a repository. Attackers could therefore overwrite essential system files and potentially take control of the host. Although the developers added input validation to fix the issue, that validation did not account for symbolic links, which is the gap the new flaw exploits: an attacker can introduce malicious code simply by creating a symbolic link in a repository. Researchers first observed this exploitation in July, and attacks have increased rapidly since.
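To illustrate the bug class described above (path validation that ignores symbolic links), here is an added Python example; it is not Gogs' code and is not taken from the Wiz report. It places a naive lexical containment check beside one that resolves symlinks before comparing, and runs both against a constructed directory layout in which a link inside the "repository" points outside it.

```python
import os
import tempfile


def lexical_check(repo_root: str, rel_path: str) -> bool:
    """Naive containment check: collapses '..' segments but never touches
    the filesystem, so a symlink inside the repo that points outside it
    goes unnoticed. Plain '../' traversal IS caught by this check."""
    root = os.path.abspath(repo_root)
    target = os.path.normpath(os.path.join(root, rel_path))
    return target == root or target.startswith(root + os.sep)


def resolved_check(repo_root: str, rel_path: str) -> bool:
    """Hardened check: resolves every symlink in both the root and the
    candidate path, then compares the real locations. A link that leaves
    the repository is rejected."""
    root = os.path.realpath(repo_root)
    target = os.path.realpath(os.path.join(root, rel_path))
    return target == root or target.startswith(root + os.sep)


def demo() -> dict:
    """Constructed layout (hypothetical names, created in a temp dir):
         work/repo/                  the 'repository'
         work/repo/escape -> work/outside   symlink leaving the repo
         work/outside/               directory the link points at
    Returns the verdict of each check on 'escape/secret.txt', plus the
    verdict of the naive check on an ordinary '../' traversal."""
    with tempfile.TemporaryDirectory() as work:
        repo = os.path.join(work, "repo")
        outside = os.path.join(work, "outside")
        os.makedirs(repo)
        os.makedirs(outside)
        os.symlink(outside, os.path.join(repo, "escape"))
        via_link = os.path.join("escape", "secret.txt")
        return {
            "lexical_accepts_symlink": lexical_check(repo, via_link),
            "resolved_accepts_symlink": resolved_check(repo, via_link),
            "lexical_accepts_dotdot": lexical_check(repo, "../outside/x"),
        }


if __name__ == "__main__":
    print(demo())
```

The naive check rejects the classic `../` traversal that the original fix addressed, yet accepts the symlinked path; only the resolving check rejects both.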
CVE-2025-8110 Timeline and Recommended Actions
Wiz reported the vulnerability to Gogs maintainers on July 17. However, the maintainers acknowledged this report only three months later. During this time, Wiz chose to wait for a coordinated fix before going public. Ultimately, they decided to disclose the information to help organizations protect their systems as exploitation intensified. A confirmed wave of attacks occurred after the report’s publishing date, underscoring the urgency of the situation.
Gogs instances at or below version 0.13.3 with open registration enabled are particularly at risk. To mitigate this vulnerability, organizations should disable open registration, limit external exposure, and monitor for unusual repository names or unexpected API usage. Taking these steps can help prevent further exploitation and safeguard sensitive systems.
