The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Gogs, a self-hosted Git service, to its Known Exploited Vulnerabilities catalog, warning that the flaw is being actively exploited in the wild.
Critical Vulnerability Details
Tracked as CVE-2025-8110, the vulnerability is a path-traversal flaw caused by improper symbolic link handling in Gogs’ PutContents API.
This weakness could enable threat actors to execute arbitrary code on vulnerable systems, posing significant security risks to organizations using the platform.
The vulnerability is categorized under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly known as “Path Traversal.”
This type of flaw allows attackers to access files and directories stored outside the intended location by manipulating path references.
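The general failure mode behind a symlink-based path traversal, as an added Go example (not Gogs' code or its patch): a containment check that only cleans the path string accepts a symlink stored inside the root, while a check that resolves links first rejects it. The names `LexicalOK`, `ResolvedOK` and `Demo` and the temp-directory layout are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// inside reports, lexically, whether p is root itself or lies beneath it.
func inside(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// LexicalOK is the weak check: it cleans the string but never looks at the disk.
func LexicalOK(root, userPath string) bool {
	return inside(root, filepath.Join(root, userPath))
}

// ResolvedOK resolves symlinks in root and target before testing containment.
func ResolvedOK(root, userPath string) bool {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return false
	}
	target := filepath.Join(realRoot, userPath)
	realPath, err := filepath.EvalSymlinks(target) // fails on a dangling link
	if _, lerr := os.Lstat(target); os.IsNotExist(lerr) { // new file: vet its parent
		realPath, err = filepath.EvalSymlinks(filepath.Dir(target))
	}
	return err == nil && inside(realRoot, realPath)
}

// Demo builds a constructed layout in a temp dir: repo/link -> outside.txt.
func Demo() (lexical, resolved, newFile bool, err error) {
	tmp, err := os.MkdirTemp("", "symlink-demo")
	if err != nil {
		return
	}
	defer os.RemoveAll(tmp)
	repo, outside := filepath.Join(tmp, "repo"), filepath.Join(tmp, "outside.txt")
	os.Mkdir(repo, 0o755)
	os.WriteFile(outside, []byte("x"), 0o600)
	err = os.Symlink(outside, filepath.Join(repo, "link"))
	return LexicalOK(repo, "link"), ResolvedOK(repo, "link"), ResolvedOK(repo, "new.txt"), err
}

func main() { fmt.Println(Demo()) }
```

A check followed by a separate write can still race with a link being swapped in between; Go 1.24's `os.Root` confines the open itself to the directory.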
CISA’s inclusion of CVE-2025-8110 in the KEV catalog, dated January 12, 2026, signals that attackers are already leveraging this vulnerability in real-world attacks.
While it remains unknown whether the flaw has been incorporated into ransomware campaigns, the potential for code execution makes it a high-priority security concern.
Federal agencies and organizations must address this vulnerability by February 2, 2026, according to CISA’s Binding Operational Directive 22-01.
CISA urges organizations to take immediate action by applying security patches and mitigations provided by Gogs developers.
For cloud service deployments, administrators should follow the guidance in BOD 22-01. If patches or mitigations are unavailable, organizations are advised to discontinue using the affected product until a fix is released.
System administrators should prioritize patching Gogs installations, monitor for suspicious API activity, and implement network segmentation to limit the potential impact of exploits.
Organizations should also review access controls and audit logs for any signs of unauthorized access or attempted code execution.
Given the active exploitation status, security teams must treat this vulnerability as a critical priority and accelerate remediation efforts to protect their infrastructure.
