Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

The Gogs Vulnerability: A New Threat to Web Applications


U.S. CISA has added a Gogs vulnerability, CVE-2025-8110, to its Known Exploited Vulnerabilities catalog, drawing renewed attention to how web applications handle symbolic links. Federal agencies have a patch deadline, and private organizations are urged to review their infrastructure and remediate.

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in the open-source Git service Gogs to its Known Exploited Vulnerabilities (KEV) catalog.
  • The flaw, tracked as CVE-2025-8110, is an improper symbolic link handling issue in the PutContents API: an attacker who can place a symlink in a repository can write through it to files outside the repository and execute code on the host running Gogs.
  • Wiz Research found more than 700 internet-facing Gogs instances compromised by an automated campaign exploiting the flaw.
  • CISA has ordered federal agencies to remediate by February 2, 2026; private organizations are urged to review their infrastructure and patch exposed instances.



    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability affecting the open-source Git service Gogs to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2025-8110, is an improper symbolic link handling issue in the PutContents API of Gogs that lets an attacker write outside a repository and execute code on the host running Gogs. The KEV listing means exploitation has been observed in the wild, and administrators of self-hosted Gogs instances are being urged to review their deployments and patch.

    The flaw is a symlink-handling bug of a kind that recurs across web applications that write user-controlled paths to disk. A symbolic link is a filesystem entry that points to another path; the danger arises when an application resolves a path under a directory it believes it controls, but one component of that path is a link pointing outside that directory. In the Gogs case, an attacker creates a symlink in a repository that points to a file outside the repository, then calls the PutContents API to write to a path that passes through the link. The API's path checks see a path inside the repository, but the filesystem follows the link, so the write lands outside it and the protections around PutContents are bypassed.
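The following Go program is an added illustration of that write pattern, not code from Gogs or from the advisory. It contrasts a writer that only checks the cleaned path lexically (which stops "../" but follows a committed symlink out of the repository) with a writer that resolves the parent directory through any symlinks and refuses a leaf that is itself a link. The function names, error values and the temporary-directory layout are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Error values for the hardened writer. Constructed for this example; they are
// not identifiers from the Gogs code base.
var (
	ErrEscapesRoot = errors.New("path resolves outside the repository root")
	ErrSymlinkLeaf = errors.New("refusing to write through a symbolic link")
)

// naiveWrite is the weak pattern: join the caller's path to the repository root
// and check the cleaned result as a string. filepath.Join neutralises "../", so a
// traversal string is rejected, but a symlink already committed to the working
// copy (e.g. "link -> /tmp/outside") is invisible to a string comparison and the
// write lands wherever the link points.
func naiveWrite(root, rel string, data []byte) (string, error) {
	p := filepath.Join(root, rel)
	if !strings.HasPrefix(p, filepath.Clean(root)+string(os.PathSeparator)) {
		return "", ErrEscapesRoot
	}
	return p, os.WriteFile(p, data, 0o644)
}

// safeWrite resolves symlinks before deciding where the write goes: it resolves
// the repository root itself (the root may legitimately be reached through a
// link), resolves the target's parent directory, confirms the resolved parent is
// still inside the resolved root, and then refuses a leaf that is itself a
// symlink. The parent must already exist; creating nested directories would need
// the same check at every level. The Lstat-then-write step is still a race on a
// filesystem an attacker can modify concurrently; O_NOFOLLOW or openat-style
// APIs close that window and are the better choice in production code.
func safeWrite(root, rel string, data []byte) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	sep := string(os.PathSeparator)
	p := filepath.Join(realRoot, rel)
	if !strings.HasPrefix(p, realRoot+sep) {
		return "", ErrEscapesRoot // lexical traversal ("../") or the root itself
	}
	realParent, err := filepath.EvalSymlinks(filepath.Dir(p))
	if err != nil {
		return "", err
	}
	if realParent != realRoot && !strings.HasPrefix(realParent, realRoot+sep) {
		return "", ErrEscapesRoot // a directory on the path is a link out of the repo
	}
	target := filepath.Join(realParent, filepath.Base(p))
	fi, err := os.Lstat(target) // Lstat does not follow a link at the leaf
	if err == nil && fi.Mode()&os.ModeSymlink != 0 {
		return "", ErrSymlinkLeaf
	}
	if err != nil && !errors.Is(err, os.ErrNotExist) {
		return "", err
	}
	return target, os.WriteFile(target, data, 0o644)
}

func main() {
	base, err := os.MkdirTemp("", "gogs-symlink-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	root, outside := filepath.Join(base, "repo"), filepath.Join(base, "outside")
	for _, d := range []string{root, outside} {
		if err := os.MkdirAll(d, 0o755); err != nil {
			panic(err)
		}
	}
	// Stands in for an attacker committing "link -> <outside>" and pushing it.
	if err := os.Symlink(outside, filepath.Join(root, "link")); err != nil {
		panic(err)
	}
	p, err := naiveWrite(root, "link/pwned", []byte("payload"))
	fmt.Printf("naiveWrite: path=%s err=%v\n", p, err)
	if _, err := os.Stat(filepath.Join(outside, "pwned")); err == nil {
		fmt.Println("  file landed outside the repository")
	}
	_, err = safeWrite(root, "link/pwned", []byte("payload"))
	fmt.Printf("safeWrite:  err=%v\n", err)
}
```

Run it and the first writer reports a path inside the repository while the file appears in the sibling directory; the second refuses with ErrEscapesRoot. The point for reviewers of any content-writing API is that a lexical check on the request path is not a check on where the bytes go.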

    According to Wiz Research, which discovered the vulnerability, more than 700 internet-facing Gogs instances had been compromised by an automated campaign exploiting the flaw. Wiz's work began with a malware incident in July; investigating how that instance had been breached led to the vulnerability, and follow-up scanning revealed the scale of the exposure.

    The implications are significant. This is not the first symlink-handling flaw in Gogs, and a repeated weakness in the same code path suggests the fix needs to be structural (resolving paths before writing, not just filtering the request string) rather than a patch for one more case. The number of compromised instances also shows how widely Gogs is self-hosted and exposed to the internet, and the same class of bug is plausible in any web application that writes user-supplied paths to disk.

    CISA has ordered federal agencies to remediate the issue by February 2, 2026. Private organizations are also urged to review their infrastructure, upgrade any exposed Gogs instances, and, given that exploitation is automated and already widespread, check those instances for signs of compromise rather than assuming a patch alone is sufficient.

    The Gogs case is a reminder that a fix for one path-handling bug is only as good as the check it relies on. Staying current on KEV additions and treating self-hosted developer tooling as internet-facing infrastructure helps organizations close these gaps before automated campaigns find them.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Gogs-Vulnerability-A-New-Threat-to-Web-Applications-ehn.shtml

  • https://securityaffairs.com/186837/hacking/u-s-cisa-adds-a-flaw-in-gogs-to-its-known-exploited-vulnerabilities-catalog.html

  • https://nvd.nist.gov/vuln/detail/CVE-2025-8110

  • https://www.cvedetails.com/cve/CVE-2025-8110/


  • Published: Mon Jan 12 16:06:40 2026 by llama3.2 3B Q4_K_M

    © Ethical Hacking News . All rights reserved.