What's Happening?
A zero-day vulnerability in Gogs, a self-hosted Git service, is being actively exploited, with over 700 instances reported compromised. The flaw, tracked as CVE-2025-8110, lets an attacker achieve remote code execution through symbolic links, an avenue that earlier patches did not account for. Wiz researchers found it while investigating malware on an infected machine. The Gogs maintainers have been notified and are working on a fix, but exploitation continues in the meantime. Affected are Gogs servers running version 0.13.3 or earlier with open registration enabled, which is the default setting.
Why Is It Important?
Exploitation of this vulnerability is a serious risk for any organization that hosts Git repositories on Gogs. With over 700 instances already compromised, the likelihood of data breaches and unauthorized access to sensitive repository contents is high. The case shows why timely patching matters in open-source software, and why a default such as open registration deserves scrutiny when a service is reachable from the internet. Organizations running Gogs are advised to disable open registration and limit internet exposure to reduce their risk. The incident also highlights how hard it is to keep self-hosted services secure without continuous monitoring and updates.
What's Next?
The Gogs maintainers are developing a fix for the vulnerability. Until it ships, users should act now: disable open registration and place the Git service behind a VPN. Monitoring for unusual repository activity and reviewing the indicators of compromise published by the researchers can help detect exploitation early. The security community will likely keep watching the situation and publish updates as new information becomes available.
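The two defensive steps above, checking the configuration for the exposed defaults and looking for suspicious symbolic links in hosted repositories, can be turned into a small offline audit. The script below is an added example written for this page; it is not Gogs project code and not the researchers' tooling. It assumes the Gogs settings DISABLE_REGISTRATION (in the [service] section) and HTTP_ADDR (in the [server] section) of custom/conf/app.ini, and its app.ini text and symlink inventory are constructed samples. The symlink heuristic (flag any link whose target is absolute or resolves above the repository root) is a generic check, not the published indicator-of-compromise list.

```python
"""Offline audit for a self-hosted Gogs server (added example, not Gogs code).

1. audit_app_ini(): does custom/conf/app.ini still leave open registration on
   and the HTTP listener bound to every interface?
2. find_escaping_symlinks(): given the symlink entries of a repository tree,
   which ones resolve outside the repository root?
"""
import configparser
import posixpath

# Constructed sample of custom/conf/app.ini carrying the weak default values.
WEAK_APP_INI = """
[server]
HTTP_ADDR = 0.0.0.0
HTTP_PORT = 3000

[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
"""

# Constructed sample of the same file after applying the recommended mitigations:
# registration closed, listener bound to loopback behind a reverse proxy or VPN.
HARDENED_APP_INI = """
[server]
HTTP_ADDR = 127.0.0.1
HTTP_PORT = 3000

[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = true
"""


def audit_app_ini(text):
    """Return a list of findings for settings that leave the server exposed."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    # Gogs default is DISABLE_REGISTRATION = false, i.e. anyone can sign up.
    if not cfg.getboolean("service", "DISABLE_REGISTRATION", fallback=False):
        findings.append("open registration enabled ([service] DISABLE_REGISTRATION = false)")
    # Binding to all interfaces exposes the web UI directly to the network.
    addr = cfg.get("server", "HTTP_ADDR", fallback="0.0.0.0")
    if addr in ("0.0.0.0", "::", ""):
        findings.append("HTTP listener bound to all interfaces ([server] HTTP_ADDR = %s)"
                        % (addr or "(unset)"))
    return findings


def symlink_escapes(link_path, target):
    """True if a symlink at repo-relative link_path pointing at target resolves
    outside the repository root. Absolute targets and paths that normalise to
    a leading '..' count as escapes; chained links are not followed."""
    if posixpath.isabs(target):
        return True
    resolved = posixpath.normpath(posixpath.join(posixpath.dirname(link_path), target))
    return resolved == ".." or resolved.startswith("../")


# Constructed symlink inventory: (repo-relative path, link target). In a real
# audit this is what you would collect from the mode-120000 entries of
# `git ls-tree -r <rev>` plus `git cat-file -p <blob>` for each target.
SAMPLE_SYMLINKS = [
    ("docs/latest", "v2/"),                     # stays inside the repository
    ("build/out", "../build/cache"),            # uses '..' but stays inside
    ("vendor/lib", "../../../srv/other-repo"),  # climbs above the repo root
    ("etc", "/etc"),                            # absolute target
]


def find_escaping_symlinks(entries):
    """Return the (path, target) pairs whose target leaves the repository."""
    return [(p, t) for p, t in entries if symlink_escapes(p, t)]


if __name__ == "__main__":
    for label, ini in (("weak", WEAK_APP_INI), ("hardened", HARDENED_APP_INI)):
        print(label, "app.ini findings:", audit_app_ini(ini) or "none")
    for path, target in find_escaping_symlinks(SAMPLE_SYMLINKS):
        print("suspicious symlink:", path, "->", target)
```

On a live server the symlink inventory should be gathered per branch of every bare repository under the Gogs repository root, and a hit is a reason to inspect that repository and its history, not proof of compromise by itself; a link that climbs out of the repository is unusual in legitimate projects but not impossible.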