How severe is CVE-2025-8110?

CVE-2025-8110 has a CVSS v3 score of 8.8 (HIGH).

CVE-2025-8110

Name: gogs
Author: gogs

8.8HIGH

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

公開日: 12/10/2025更新日: 1/13/2026

CISA既知の悪用された脆弱性

Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.

必要な対応:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

期限:

2026-02-02

説明

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

AI分析AIによる分析

影響を受ける製品

gogsgogs

参照

http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
ExploitThird Party Advisory
http://www.openwall.com/lists/oss-security/2025/12/11/3
Mailing List
http://www.openwall.com/lists/oss-security/2025/12/11/4
Mailing List
https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6
Patch
https://github.com/gogs/gogs/pull/8078
ExploitIssue TrackingPatchVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110
Third Party AdvisoryUS Government Resource