CVE-2025-8110
File overwrite in file update API in Gogs
Description
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
INFO
- Published Date: Dec. 10, 2025, 2:16 p.m.
- Last Modified: Dec. 12, 2025, 3:18 p.m.
- Remotely Exploitable: Yes
- Source: 9947ef80-c5d5-474a-bbab-97341a59000e
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 4.0 | HIGH | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:X/U:X | | | 9947ef80-c5d5-474a-bbab-97341a59000e |
Solution
- Update Gogs to the latest version.
- Review and sanitize all symbolic link operations.
- Implement strict input validation for API calls.
Public PoC/Exploit Available at GitHub
CVE-2025-8110 has 3 public PoCs/exploits available on GitHub.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-8110.
| URL | Resource |
|---|---|
| http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit | |
| http://www.openwall.com/lists/oss-security/2025/12/11/3 | |
| http://www.openwall.com/lists/oss-security/2025/12/11/4 | |
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-8110 is associated with the following CWEs:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-8110 weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts that have been published on GitHub (sorted by most recently updated).
- CVE-2025-8110 PoC (Python)
- CVE-2025-8110 (Python)
- Detection template for CVE-2025-8110
The following list contains news articles that mention the CVE-2025-8110 vulnerability anywhere in the article.
- The Developer Win: GitHub Postpones Self-Hosted Runner Fee After Massive Community Outcry (Daily CyberSecurity). Recently, the code hosting platform GitHub published a blog post announcing that, starting March 1, 2026, GitHub Actions would begin charging an additional platform fee. Under the proposed change, dev ...
- CVE-2025-37164 (CVSS 10.0): Unauthenticated HPE OneView RCE Grants Total Control Over Data Centers (Daily CyberSecurity). Hewlett Packard Enterprise (HPE) has sounded the alarm on a catastrophic security vulnerability in its flagship infrastructure management software, OneView. The flaw, tracked as CVE-2025-37164, has be ...
- CISA Alert: Chinese Hackers Weaponize CVSS 10 Cisco Zero-Day & SonicWall Exploit Chains (Daily CyberSecurity). The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive adding three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling that ha ...
- Cisco Zero-Day Siege: Chinese Group UAT-9686 Deploys ‘Aqua’ Malware via CVSS 10 Root Exploit (Daily CyberSecurity). A critical zero-day vulnerability in Cisco’s secure email appliances is under active siege by a sophisticated Chinese hacking group, granting them total control over sensitive network gateways. The ca ...
- Academic Ambush: How the Forum Troll APT Hijacks Scholars’ Systems via Fake Plagiarism Reports (Daily CyberSecurity). A relentless Advanced Persistent Threat (APT) group known as “Forum Troll” has shifted its crosshairs from corporate networks to the academic elite, launching a precision phishing campaign against Rus ...
- Locked Out of the Cloud: Hackers Use AWS Termination Protection to Hijack ECS for Unstoppable Crypto Mining (Daily CyberSecurity). In a striking display of cloud-native tradecraft, cybercriminals have been caught turning legitimate AWS environments into illicit cryptocurrency mining farms, utilizing a “novel persistence technique ...
- Blurred Deception: Russian APT Targets Transnistria and NATO with High-Pressure Phishing Lures (Daily CyberSecurity). A sophisticated Russian Advanced Persistent Threat (APT) group has launched a targeted credential harvesting campaign against the governing body of Transnistria (the Pridnestrovian Moldavian Republic) ...
- “Better Auth” Framework Alert: The Double-Slash Trick That Bypasses Security Controls (Daily CyberSecurity). A high-severity vulnerability has been disclosed in Better Auth, a rapidly growing authentication framework for TypeScript, potentially allowing attackers to bypass critical access controls with a sim ...
- Ink Dragon’s Global Mesh: How Chinese Spies Turn Compromised Government Servers into C2 Relay Nodes (Daily CyberSecurity). A sophisticated Chinese cyber-espionage group is rewriting the rules of persistence, turning compromised government servers into a living, breathing command network. A new report from Check Point Rese ...
- CVE-2025-46295 (CVSS 9.8): Critical Apache Commons Text Flaw Risks Total Server Takeover (Daily CyberSecurity). A critical vulnerability has been fixed in Apache Commons Text, a ubiquitous Java library used for text manipulation, preventing what could have been a widespread remote code execution (RCE) crisis. T ...
- Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users (Daily CyberSecurity). A high-severity vulnerability has been uncovered in systeminformation, a massively popular Node.js library used by millions of developers to retrieve system metrics. Tracked as CVE-2025-68154, the fla ...
- Self-Hosting No Longer Free: GitHub Introduces New $0.002/Min Platform Fee for Actions (Daily CyberSecurity). Microsoft-owned code hosting platform GitHub has announced a new pricing change for its Actions service. Previously, GitHub Actions offered a free control plane: as long as workflows ran on servers no ...
- Prompt to Play: YouTube’s New Gemini 3 Tool Lets Creators Speak Games Into Existence (Daily CyberSecurity). Google’s fixation on embedding AI across all of its services appears boundless. Following earlier experiments with the “Playables” mini-game feature on YouTube, YouTube Gaming has now announced an ope ...
- Hardware Inflation: Dell Hikes Business PC Prices by up to 30% as Memory Costs Skyrocket (Daily CyberSecurity). Dell recently circulated an internal memo to employees disclosing that, due to rising costs for memory and storage hardware, prices for its business-oriented products will increase starting December 1 ...
- “Too Many Pointless Things”: Torvalds Rejects TSEM Module, Sparking a Linux Security Civil War (Daily CyberSecurity). A fresh dispute has flared up within the Linux kernel developer community over security modules. The trigger was an appeal from one contributor who revisited a proposal made three years ago for a modu ...
- NVIDIA Critical AI Patch: Isaac Lab and NeMo Framework Flaws Risk Full Code Execution (Daily CyberSecurity). NVIDIA has rolled out a sweeping security update addressing multiple high-severity vulnerabilities across its AI and simulation ecosystem. The patches cover the NeMo Framework, Resiliency Extension, a ...
- Google Chrome Emergency Update: High-Severity Memory Corruption Flaws Fixed in WebGPU and V8 (Daily CyberSecurity). Google has rolled out an important security update for the Stable desktop channel, patching two high-severity vulnerabilities that expose users to potential memory corruption attacks. The release brin ...
- Critical FreePBX Flaw (CVE-2025-66039) Risks PBX Takeover via Authentication Bypass in ‘webserver’ Auth Mode (Daily CyberSecurity). A critical security vulnerability has been discovered in FreePBX, the world’s most popular open-source PBX platform, potentially leaving thousands of phone systems vulnerable to complete takeover. Tra ...
- Windows Admin Center Flaw (CVE-2025-64669): How a Simple Folder Permission Opened the Door to SYSTEM Access (Daily CyberSecurity). A high-severity security oversight in Microsoft’s Windows Admin Center (WAC) has been unearthed, revealing how a basic permission error could allow any standard user to seize complete control of a ser ...
- GhostPairing: New Attack Hijacks WhatsApp via Linked Devices, Tricking Users with Fake Facebook QR Code (Daily CyberSecurity). A deceptive new cyberattack campaign is turning one of WhatsApp’s most convenient features into a weapon, allowing hackers to take full control of user accounts without ever stealing a password or tou ...
The following table lists the changes that have been made to the
CVE-2025-8110 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
| Date | Event | Action | Type | Old Value | New Value |
|---|---|---|---|---|---|
| Dec. 11, 2025 | CVE Modified by af854a3a-2127-422b-91ae-364da2661108 | Added | Reference | | http://www.openwall.com/lists/oss-security/2025/12/11/4 |
| Dec. 11, 2025 | CVE Modified by af854a3a-2127-422b-91ae-364da2661108 | Added | Reference | | http://www.openwall.com/lists/oss-security/2025/12/11/3 |
| Dec. 10, 2025 | New CVE Received by 9947ef80-c5d5-474a-bbab-97341a59000e | Added | Description | | Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code. |
| Dec. 10, 2025 | New CVE Received by 9947ef80-c5d5-474a-bbab-97341a59000e | Added | CVSS V4.0 | | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:X/U:X |
| Dec. 10, 2025 | New CVE Received by 9947ef80-c5d5-474a-bbab-97341a59000e | Added | CWE | | CWE-22 |
| Dec. 10, 2025 | New CVE Received by 9947ef80-c5d5-474a-bbab-97341a59000e | Added | Reference | | http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit |