CVE-2025-8110

ENISA EUVD: EUVD-2025-202425
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 5, 2026 · 4 articles · Published: 2025-12-10

EPSS Score

Source: FIRST.org · 2026-05-23
17.74%
probability
This CVE has a 17.74% probability of being exploited in the next 30 days.
Top 95.2th percentile of all CVEs

CVSS v4.0

Source: VulnerabilityLookup (CIRCL)
8.7 HIGH
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: None
Vulnerable System Confidentiality Impact: High
Vulnerable System Integrity Impact: High
Vulnerable System Availability Impact: High
Subsequent System Confidentiality Impact: None
Subsequent System Integrity Impact: None
Subsequent System Availability Impact: None
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/AU:Y/R:U/V:C

CVSS v3.1

Source: NVD
8.8 HIGH
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Affected Products

Gogs
Gogs
0

Attack Intelligence

Exploits & PoC

23 2025-12-24
rxerium/CVE-2025-8110

Detection template for CVE-2025-8110

22 2025-12-11
TYehan/CVE-2025-8110-Gogs-RCE-Exploit

Gogs CVE-2025-8110 RCE Exploit

4 2026-04-12
3jee/CVE-2025-8110

CVE-2025-8110 — Gogs <= 0.13.3 Arbitrary File Write via Symlink Traversal in PutContents API

2 2026-04-11
kayl22/cve-2025-8110-GOGS-RCE

GOGS RCE cve-2025-8110 python script that automates the whole attack chain of creating a repository with a symlink file pointing to .git/config and th

2 2026-04-11
0dgt/CVE-2025-8110

RCE exploit for Gogs <= 0.13.3

1 2026-04-12
111ddea/goga-cve-2025-8110

Verify whether Gogs version 0.13.2 is vulnerable to **CVE-2025-8110 (symlink file overwrite)**.

0 2025-12-24
freiwi/CVE-2025-8110

🔍 Detect improper symbolic link handling in Gogs' PutContents API, exposing local code execution risks for versions 0.13.3 and earlier.

0 2026-05-23
popyue/CVE-2025-8110

Gogs Symlink Traversal → RCE

0 2026-04-13
X4BROZER/CVE-2025-8110

Gogs RCE PoC - CVE-2025-8110

0 2026-04-15
hassan-hamadi/CVE-2025-8110-Silentium-HTB

CVE-2025-8110 Specifically for the Silentium box on HTB.

0 2026-04-17
get-xor/coreweave-demo-2026-05

Verified vulnerability journey for CVE-2025-8110 (Gogs) and CVE-2025-3248 (Langflow) — risk triage, exploitability verification, verified patches.

0 2026-05-20
mananispiwpiw/CVE-2025-8110-PoC

CVE-2025-8110 Proof of Concept

0 2026-05-20
16 repos, sorted by stars

Signal Intelligence

Confidence
95%
EPSS 17.74%
CVSS v4.0 8.7
CVSS v3.1 8.8
Mentions 4
Last Seen Jan 13, 2026

CNA Information

CNA Assigner: Wiz
CNA Title: File overwrite in file update API in Gogs

Analyst Note

CVE-2025-8110 meets all zero-day criteria: explicitly described as 'zero-day' and 'unpatched' in multiple authoritative sources (BleepingComputer, TheHackerNews), active exploitation documented across 700+ instances, CISA warning issued and KEV listing confirmed, and exploitation occurred before patch availability (published 2025-12-10 with no prior patch date indicated).

Threat Actors 8

APT 41
apt_group Information theft and espionage 🇨🇳 CN
APT 28
apt_group Information theft and espionage 🇷🇺 RU
Hacking Team
apt_group 🇮🇹 IT
Gamaredon Group
apt_group Information theft and espionage 🇷🇺 RU
TAG-28
apt_group Information theft and espionage 🇨🇳 CN
RedGolf
apt_group Information theft and espionage 🇨🇳 CN
Roaming Tiger
apt_group Information theft and espionage 🇨🇳 CN
White Bear
apt_group Information theft and espionage 🇷🇺 RU

Triage Info

Decided at: Mar 05, 2026
Published Date: Dec 10, 2025