A critical warning about a path traversal vulnerability in Gogs, a self-hosted Git service, that is being actively exploited in the wild.
The vulnerability, tracked as CVE-2025-8110, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on January 12, 2026, signaling active exploitation by threat actors.
| CVE ID | CVE-2025-8110 |
|---|---|
| Vulnerability Type | Path Traversal – Improper Symbolic Link Handling |
| Related CWE | CWE-22 |
| Impact | Code Execution |
CVE-2025-8110 affects Gogs and stems from improper symbolic link handling in the PutContents API. This path traversal flaw allows attackers to escape restricted directories and potentially execute arbitrary code on vulnerable systems.
The vulnerability is associated with CWE-22, which describes improper limitation of pathnames to restricted directories.
Path traversal vulnerabilities occur when attackers use special elements, such as “../” sequences, to navigate outside intended directories and access sensitive files or execute malicious code.
In Gogs’ case, the flaw in symbolic link handling creates an opportunity for attackers to manipulate file paths and achieve code execution.
CISA’s addition of CVE-2025-8110 to the KEV catalog indicates that threat actors are actively exploiting this vulnerability in real-world attacks.
While it remains unknown whether the flaw is being used in ransomware campaigns, the potential for code execution makes it a severe security risk for organizations running affected Gogs installations.
Federal agencies must address this vulnerability by February 2, 2026, according to Binding Operational Directive (BOD) 22-01.
Organizations are urged to apply vendor-supplied patches and mitigations immediately. For cloud service deployments, administrators should follow the guidance in BOD 22-01.
If mitigations are unavailable, CISA recommends discontinuing use of the vulnerable product.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
