**U.S. CISA Adds Gogs Flaw to Its Known Exploited Vulnerabilities Catalog**

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in the popular open-source Git service, Gogs, to its Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2025-8110, allows authenticated users to execute code remotely on affected systems.

**Gogs: A Lightweight, Open-Source Git Service**

Gogs is a self-hosted Git service written in Go, designed to be lightweight and easy to use. Because it is open source, Gogs has gained popularity among developers who want to host their own Git repositories without relying on external services.

**The Vulnerability: A Bypass of an Earlier RCE Flaw**

The vulnerability, CVE-2025-8110, is a bypass for an earlier Remote Code Execution (RCE) flaw, tracked as CVE-2024-55947. This earlier flaw allowed attackers to write files outside a repository and execute commands remotely. While Gogs developers fixed the initial flaw with path validation, they failed to check for symbolic links, leaving the door open for this new bypass.

**How the Attack Works**

The attack takes advantage of Git's symlink feature, which allows creating symlinks in a repository that point to files outside the repo. An attacker can create such a symlink and then use the API to write through it, overwriting a target file like `.git/config`. This allows the attacker to execute commands remotely.
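The root cause described above is a path check that reasons about the path string alone. The following Go example is added here for illustration and is not Gogs code: it contrasts a lexical-only check, which lets a symlink committed inside the repository pass as an ordinary in-tree path, with a check that resolves symlinks and verifies the real target still lies under the repository root. The `demo` function builds a constructed layout in a temporary directory (a plain `config` file standing in for a sensitive target such as `.git/config`); `repoRoot` is assumed to be an absolute, cleaned path.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
	"strings"
)

var errEscape = errors.New("path escapes repository")

func under(root, p string) bool { // p is root itself or lies beneath it
	return p == root || strings.HasPrefix(p, root+string(os.PathSeparator))
}

// lexicalResolve blocks "../" traversal only; an in-repo symlink passes as an ordinary path.
func lexicalResolve(repoRoot, rel string) (string, error) {
	full := filepath.Join(repoRoot, rel) // repoRoot assumed absolute and cleaned; Join strips ".."
	if !under(repoRoot, full) {
		return "", errEscape
	}
	return full, nil
}

// realResolve also follows symlinks and requires the real target to stay under the real root.
func realResolve(repoRoot, rel string) (string, error) {
	full, err := lexicalResolve(repoRoot, rel)
	if err != nil {
		return "", err
	}
	probe, rest := full, "" // back off to the deepest existing ancestor so new files work too
	for _, e := os.Lstat(probe); e != nil && probe != repoRoot; _, e = os.Lstat(probe) {
		rest, probe = filepath.Join(filepath.Base(probe), rest), filepath.Dir(probe)
	}
	realRoot, err1 := filepath.EvalSymlinks(repoRoot)
	realProbe, err2 := filepath.EvalSymlinks(probe) // resolves any symlink committed in-tree
	if err1 != nil || err2 != nil || !under(realRoot, realProbe) {
		return "", errEscape
	}
	return filepath.Join(realProbe, rest), nil
}

// demo builds a constructed layout <tmp>/repo/evil -> ../config (a file outside the repo)
// and reports whether each check would let a write to "evil" through.
func demo() (lexicalAllowed, realAllowed bool) {
	tmp, _ := os.MkdirTemp("", "symlink-demo")
	defer os.RemoveAll(tmp)
	repo := filepath.Join(tmp, "repo")
	_ = os.MkdirAll(repo, 0o755)
	_ = os.WriteFile(filepath.Join(tmp, "config"), []byte("[core]\n"), 0o644)
	_ = os.Symlink("../config", filepath.Join(repo, "evil"))
	_, lerr := lexicalResolve(repo, "evil")
	_, rerr := realResolve(repo, "evil")
	return lerr == nil, rerr == nil
}
```

Running `demo()` returns `true, false`: the lexical check accepts the symlink path while the real-path check rejects it, which is the behaviour a repository file-write API needs before it opens the target for writing.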

**A Repeated Problem with Symlink Handling**

This is not the first time Gogs has struggled with symlink handling. The researchers noted that this vulnerability is a repeated problem, indicating a need for improved security practices in the development of Git services.

**The Discovery: A Malware Infection and Publicly Exposed Gogs Services**

The discovery of this vulnerability was made possible by a malware infection on a customer's cloud workload. The researchers found publicly exposed Gogs services, with approximately 1,400 instances exposed online, over 700 of which were compromised.

**The Recommendations: Address the Vulnerabilities and Protect Your Network**

Experts recommend that private organizations review the Known Exploited Vulnerabilities catalog and address the vulnerabilities in their infrastructure. The U.S. CISA has ordered federal agencies to fix the vulnerabilities by February 2, 2026.

**Stay Informed: Follow Security Affairs on Social Media**

For the latest updates on cybersecurity threats and vulnerabilities, follow us on Twitter (@securityaffairs), Facebook, and Mastodon (SecurityAffairs). Stay informed and protect your network from attacks exploiting known vulnerabilities.