What's Happening?
A significant security flaw in the self-hosted Git service Gogs has been exploited, compromising more than 700 instances, according to cybersecurity firm Wiz. The vulnerability, tracked as CVE-2025-8110,
involves improper handling of symbolic links in the PutContents API, allowing authenticated attackers to overwrite files outside the repository and execute remote code. This flaw is a symlink bypass of a previously patched vulnerability, CVE-2024-55947, which was addressed in December 2024. Despite the patch, the current issue persists due to the API's failure to validate symbolic link destinations. Attackers have been exploiting this vulnerability by creating new Git repositories, committing symbolic links to sensitive targets, and using the API to overwrite critical files, such as .git/config, to gain SSH access to servers. The Gogs maintainers are aware of the issue and are working on a fix, but no patch is available as of December 10.
Why It's Important?
The exploitation of this zero-day vulnerability in Gogs highlights significant security risks for organizations using self-hosted Git services. With over 1,400 exposed Gogs instances and more than 700 already compromised, the potential for widespread data breaches and unauthorized access is substantial. This situation underscores the critical need for robust security measures and timely patching of vulnerabilities in software systems. Organizations relying on Gogs for version control and code management may face severe operational disruptions and data integrity issues if their systems are compromised. The incident also raises concerns about the security of open-source software and the importance of community vigilance in identifying and addressing vulnerabilities.
What's Next?
The Gogs maintainers are actively working on a patch to address the CVE-2025-8110 vulnerability. Until a fix is released, organizations using Gogs are advised to review their security configurations, limit exposure to the internet, and disable open registration to mitigate the risk of exploitation. Cybersecurity experts recommend monitoring for unusual activity and implementing additional security controls to protect sensitive data. The broader cybersecurity community may also increase scrutiny of similar open-source projects to prevent future vulnerabilities. As the situation develops, organizations will need to stay informed about updates and apply patches promptly once available.
