CVE-2025-8110

File overwrite in file update API in Gogs

CVSS 8.7 HIGH · EPSS 76.5% · KEV · CWE-22
In short

Gogs' file update API does not properly handle symbolic links, allowing an attacker to overwrite arbitrary files on the system. This can lead to execution of malicious code if critical files are replaced.

Technical detail

A CWE-22 path traversal vulnerability in the PutContents API stems from improper symbolic link resolution, enabling local file overwrite. Because the target path is not properly validated, an authenticated or local attacker can replace sensitive files and achieve arbitrary code execution.

Summary generated and translated by AI from the official description.
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/AU:Y/R:U/V:C
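The defensive pattern behind this class of bug is to resolve the write target on disk, not just lexically, and then check that its real location is still inside the repository root. The Go helper below is an added example written for this page; it is not Gogs code and makes no claim about how Gogs' PutContents handler is implemented. `SafeTargetPath`, `ErrEscapesRoot` and the temp-directory layout in `main` are all constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot is returned when the resolved write target is not strictly
// beneath the repository root (constructed name, not from Gogs).
var ErrEscapesRoot = errors.New("target path escapes repository root")

// SafeTargetPath is a hypothetical helper (not Gogs code) for a file-update
// endpoint. It maps a user-supplied relative path onto a directory root,
// resolves every symlink already present on disk, and refuses any target
// whose real location is not strictly beneath the root's real location.
func SafeTargetPath(root, relPath string) (string, error) {
	rootAbs, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Resolve the root itself so the later prefix comparison uses real paths.
	rootReal, err := filepath.EvalSymlinks(rootAbs)
	if err != nil {
		return "", err
	}

	// Lexical step: anchoring at "/" before Clean collapses leading ".."
	// segments, so "../../x" becomes "/x" instead of climbing above the root.
	candidate := filepath.Join(rootReal, filepath.Clean("/"+relPath))

	// The target usually does not exist yet (new file), so walk upward to the
	// deepest ancestor that does exist and resolve symlinks from there.
	existing, rest := candidate, ""
	for {
		if _, err := os.Lstat(existing); err == nil {
			break
		}
		rest = filepath.Join(filepath.Base(existing), rest)
		parent := filepath.Dir(existing)
		if parent == existing {
			break
		}
		existing = parent
	}
	// A dangling symlink in the chain makes EvalSymlinks fail: fail closed.
	resolved, err := filepath.EvalSymlinks(existing)
	if err != nil {
		return "", err
	}
	final := filepath.Join(resolved, rest)

	// Containment check on real paths: a symlink inside the repo that points
	// outside it (the CWE-22 pattern) fails here, while ordinary files pass.
	if !strings.HasPrefix(final, rootReal+string(os.PathSeparator)) {
		return "", ErrEscapesRoot
	}
	return final, nil
}

func main() {
	// Constructed demo layout: a temp "repo" containing a symlink that points
	// to a temp directory outside it.
	repo, _ := os.MkdirTemp("", "repo")
	outside, _ := os.MkdirTemp("", "outside")
	defer os.RemoveAll(repo)
	defer os.RemoveAll(outside)
	_ = os.Symlink(outside, filepath.Join(repo, "link"))

	for _, rel := range []string{"docs/README.md", "../../etc/passwd", "link/passwd"} {
		p, err := SafeTargetPath(repo, rel)
		fmt.Printf("%-20s -> %s (err=%v)\n", rel, p, err)
	}
}
```

Two design points matter here. First, the check runs on `filepath.EvalSymlinks` output rather than on the cleaned string, so a repository-internal symlink that targets `/etc` or another repository is caught even though its lexical path looks fine. Second, the resolved path is still only a snapshot: a link created between this check and the actual write is not covered, so a production handler should additionally open the final component with flags that refuse to follow symlinks (for example `O_NOFOLLOW` on platforms that support it) and keep the repository data directory unwritable by other local users.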
Affected products
Gogs · Gogs