Full Report
Git server flaw that attackers have been abusing for months has now caught the attention of US cyber cops CISA has ordered federal agencies to stop using Gogs or lock it down immediately after a high-severity vulnerability in the self-hosted Git service was added to its Known Exploited Vulnerabilities (KEV) catalog.…
Analysis Summary
# Vulnerability: Path Traversal Leading to Arbitrary File Overwrite in Gogs
## CVE Details
- CVE ID: CVE-2025-8110
- CVSS Score: High severity (Specific score not provided in text, but context implies high risk commensurate with exploitation)
- CWE: Path Traversal (Implied by functionality description)
## Affected Systems
- Products: Gogs (Self-hosted Git service)
- Versions: All versions prior to the patch release (No specific version ranges provided, but implied *all* installations exposed to the internet are at risk until fixed).
- Configurations: Instances where the vulnerability remains unpatched.
## Vulnerability Description
This is a high-severity path traversal vulnerability in Gogs. The flaw exists because a previous fix for an older vulnerability failed to account for the use of symbolic links (symlinks). Authenticated users can exploit this vulnerability to bypass security protections, leverage symlinks to point outside the intended repository working tree, and overwrite arbitrary files on the host system, which can ultimately lead to Remote Code Execution (RCE).
## Exploitation
- Status: Exploited in the wild (Being weaponized in attacks; over 700 instances confirmed compromised).
- Complexity: Low (Described as "easy to exploit with default settings enabled").
- Attack Vector: Network (Requires an authenticated user, likely via the Git service interface).
## Impact
- Confidentiality: High (Potential RCE allows access to system data).
- Integrity: High (Arbitrary file overwrite capability).
- Availability: High (RCE can lead to system compromise or denial of service).
## Remediation
### Patches
- Status: **No fix has been shipped by Gogs as of the time of the article.**
### Workarounds
- Disable open registration on Gogs instances.
- Shield Gogs instances behind VPNs.
- CISA recommendation for federal agencies: Stop using Gogs immediately if workarounds are insufficient.
## Detection
- Indicators of Compromise: Use of "Supershell C2" (mentioned by researchers as related to attackers).
- Detection methods and tools: Monitoring for unauthorized modifications to system files originating from the Gogs process, especially those related to directory traversal patterns.
## References
- [CISA KEV listing announcement (Defanged)](https://www.cisa.gov/news-events/alerts/2026/01/12/cisa-adds-one-known-exploited-vulnerability-catalog)