Gogs <= 0.13.3 - Remote Code Execution

Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...

Exploit for Path Traversal in Gogs

Gogs CVE-2025-8110 RCE Exploit An automated Python exploit fo...

Exploit for CVE-2025-81110

CVE-2025-81110-PoC Improper Symbolic link handling in the PutC...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the PutContents function accessible via the /repos/:owner/:repo/contents/ endpoint. A user with read permissions can modify repository contents via git push. Remediation Upgrade gogs.io/gogs/internal/database to...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the PutContents function accessible via the /repos/:owner/:repo/contents/ endpoint. A user with read permissions can modify repository contents via git push. Remediation Upgrade...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the PutContents function accessible via the /repos/:owner/:repo/contents/ endpoint. A user with read permissions can modify repository contents via git push. Remediation Upgrade gogs.io/gogs/internal/osutil to...

Gogs Path Traversal Vulnerability

Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution...

SUSE CVE-2025-8110

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code...

Improper Symbolic Link Handling

Gogs is vulnerable to Improper Symbolic Link Handling. The vulnerability is due to the PutContents API not properly validating or restricting symbolic links, which allows an attacker to manipulate file paths and execute code locally on the system...

CVE-2025-8110

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code...

Exploit for CVE-2025-8110

CVE-2025-8110 Improper Symbolic link handling in the PutCont...

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

A high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz. The flaw, tracked as CVE-2025-8110 CVSS score: 8.7, is a case of file overwrite in the file updat...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper handling of symbolic links in the PutContents API. If open registration is enabled, an attacker can execute arbitrary code on the system by uploading files that exploit symbolic link traversal. This...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper handling of symbolic links in the PutContents API. If open registration is enabled, an attacker can execute arbitrary code on the system by uploading files that exploit symbolic link traversal. This...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper handling of symbolic links in the PutContents API. If open registration is enabled, an attacker can execute arbitrary code on the system by uploading files that exploit symbolic link traversal. This...

GHSA-MQ8M-42GH-WQ7R Gogs vulnerable to a bypass of CVE-2024-55947

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code...

Gogs vulnerable to a bypass of CVE-2024-55947

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code...

CVE-2025-8110

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code...

VulnCheck KEV: CVE-2025-8110

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code...

Gogs 安全漏洞

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the Gogs team, which supports creating and migrating public/private repositories, adding and removing repository collaborators, and so on. A security vulnerability exists in Gogs, which stems from the mishandlin...