How severe is CVE-2025-8110?

CVE-2025-8110 has a CVSS v3 score of 8.8 (HIGH).

CVE-2025-8110

Name: gogs
Author: gogs

8.8HIGH

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

发布于: 12/10/2025更新于: 1/13/2026

CISA已知被利用漏洞

Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.

所需操作:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

截止日期:

2026-02-02

描述

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

AI分析AI驱动

受影响产品

gogsgogs

参考资料

http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
ExploitThird Party Advisory
http://www.openwall.com/lists/oss-security/2025/12/11/3
Mailing List
http://www.openwall.com/lists/oss-security/2025/12/11/4
Mailing List
https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6
Patch
https://github.com/gogs/gogs/pull/8078
ExploitIssue TrackingPatchVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110
Third Party AdvisoryUS Government Resource