CVE-2025-8110
- Source
- https://cve.org/CVERecord?id=CVE-2025-8110
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-8110.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-8110
- Aliases
- Downstream
- Related
- Published
- 2025-12-10T14:16:19.847Z
- Modified
- 2026-03-11T07:47:20.262065438Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
- References
-
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110
- http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
- https://github.com/gogs/gogs/pull/8078
- https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6
- http://www.openwall.com/lists/oss-security/2025/12/11/3
- http://www.openwall.com/lists/oss-security/2025/12/11/4
- http://www.openwall.com/lists/oss-security/2026/01/17/4
- http://www.openwall.com/lists/oss-security/2026/01/18/1
- http://www.openwall.com/lists/oss-security/2026/01/18/2
Affected packages
Git / github.com/gogs/gogs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gogs/gogs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.10
v0.10.1
v0.10.18
v0.10.8
v0.10rc
v0.11
v0.11.19
v0.11.29
v0.11.33
v0.11.34
v0.11.4
v0.11.43
v0.11.53
v0.11.66
v0.11.79
v0.11.86
v0.11.91
v0.11rc
v0.2.0
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.11
v0.5.13
v0.5.2
v0.5.5
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.6.15
v0.6.3
v0.6.5
v0.6.9
v0.7.0
v0.7.19
v0.7.22
v0.7.33
v0.7.6
v0.8.0
v0.8.10
v0.8.25
v0.8.43
v0.9.0
v0.9.113
v0.9.128
v0.9.13
v0.9.141
v0.9.46
v0.9.48
v0.9.60
v0.9.71
v0.9.97