CVE-2025-8110

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-8110
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit Exploit Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/12/11/3 Mailing List
http://www.openwall.com/lists/oss-security/2025/12/11/4 Mailing List
http://www.openwall.com/lists/oss-security/2026/01/17/4 Mailing List
http://www.openwall.com/lists/oss-security/2026/01/18/1 Mailing List
http://www.openwall.com/lists/oss-security/2026/01/18/2 Mailing List
https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6 Patch
https://github.com/gogs/gogs/pull/8078 Exploit Issue Tracking Patch Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
History

20 Jan 2026, 13:47

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2026/01/17/4 - () http://www.openwall.com/lists/oss-security/2026/01/17/4 - Mailing List
References () http://www.openwall.com/lists/oss-security/2026/01/18/1 - () http://www.openwall.com/lists/oss-security/2026/01/18/1 - Mailing List
References () http://www.openwall.com/lists/oss-security/2026/01/18/2 - () http://www.openwall.com/lists/oss-security/2026/01/18/2 - Mailing List

18 Jan 2026, 04:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/01/18/1 -
  • () http://www.openwall.com/lists/oss-security/2026/01/18/2 -

17 Jan 2026, 23:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2026/01/17/4 -

13 Jan 2026, 15:50

Type Values Removed Values Added
References () http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit - () http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit - Exploit, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2025/12/11/3 - () http://www.openwall.com/lists/oss-security/2025/12/11/3 - Mailing List
References () http://www.openwall.com/lists/oss-security/2025/12/11/4 - () http://www.openwall.com/lists/oss-security/2025/12/11/4 - Mailing List
References () https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6 - () https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6 - Patch
References () https://github.com/gogs/gogs/pull/8078 - () https://github.com/gogs/gogs/pull/8078 - Exploit, Issue Tracking, Patch, Vendor Advisory
References () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110 - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110 - Third Party Advisory, US Government Resource
First Time Gogs
Gogs gogs
CPE cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8

12 Jan 2026, 19:16

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110 -

12 Jan 2026, 16:16

Type Values Removed Values Added
References
  • () https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6 -

12 Jan 2026, 15:16

Type Values Removed Values Added
References
  • () https://github.com/gogs/gogs/pull/8078 -

11 Dec 2025, 19:16

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2025/12/11/4 -

11 Dec 2025, 17:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2025/12/11/3 -

10 Dec 2025, 14:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-12-10 14:16

Updated : 2026-01-20 13:47

NVD link : CVE-2025-8110

Mitre link : CVE-2025-8110

CVE.ORG link : CVE-2025-8110

JSON object : View

Products Affected

gogs

  • gogs
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')