

Ethical Hacking News

The Vulnerability That's Got the Federal Government's Attention: The Gogs Zero-Day



The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to stop using Gogs or lock it down immediately after a high-severity vulnerability was added to its Known Exploited Vulnerabilities (KEV) catalog, citing the risk of remote code execution.

  • Over 700 internet-exposed Gogs instances were confirmed compromised in ongoing attacks.
  • A zero-day vulnerability (CVE-2025-8110) was identified, allowing authenticated users to bypass protections and overwrite arbitrary files on the host system.
  • Gogs has yet to ship a fix for the flaw, leaving users scrambling for stopgaps such as disabling open registration and shielding instances behind VPNs.
  • More than 1,400 servers were found reachable online, highlighting the severity of the issue.



Cybersecurity experts and government agencies are abuzz with the news that a critical vulnerability has been identified in the Git server Gogs, which has left many federal agencies scrambling to patch their systems or risk falling victim to malicious attacks. According to recent reports from the Cybersecurity and Infrastructure Security Agency (CISA), the zero-day vulnerability, tracked as CVE-2025-8110, was first brought to light by Wiz security researchers in December, who stumbled upon it while investigating malware on an infected machine.

The bug, which allows authenticated users to bypass protections and overwrite arbitrary files on the host system, effectively granting remote code execution, has already had a significant impact. More than 700 internet-exposed Gogs instances were confirmed compromised in ongoing attacks at the time of disclosure, with upwards of 1,400 servers found reachable online.

Gogs, which is written in Go and allows users to host Git repositories on their own servers or cloud infrastructure, has yet to ship a fix for the flaw, leaving users scrambling for stopgaps such as disabling open registration and shielding instances behind VPNs. Wiz described the vulnerability as a bypass of a prior fix and easy to exploit with default settings enabled, noting: "Unfortunately, the fix implemented for the previous CVE did not account for symbolic links."

The previous attempt to close the hole failed to account for symbolic links, leaving a gap that attackers could slip through. While the threat hunters haven't attributed the attacks to a particular person or group, "our assumption, based on threat actors using Supershell C2, is they are located in Asia," Wiz researcher Yaara Shriki told The Register.

This highlights the importance of keeping software up to date and patching vulnerabilities as soon as possible. The fact that more than 700 Gogs instances were compromised within months of the vulnerability being discovered underscores the severity of the issue. Moreover, the lack of a fix for this bug by Gogs itself raises questions about the company's commitment to security.

The CISA advisory warns that the vulnerability is being weaponized in attacks, and that agencies should apply mitigations or simply stop using the product if workarounds aren't available. This puts federal agencies on high alert, as they are tasked with securing sensitive data and preventing unauthorized access.

In light of this critical vulnerability, it is essential for users to assess their current Gogs setup and take immediate action to secure their systems. Disabling open registration and shielding instances behind VPNs can provide a temporary fix until a patch becomes available. However, the lack of an official patch from Gogs itself highlights the need for alternative solutions.

Moreover, this vulnerability serves as a stark reminder of the importance of robust cybersecurity measures in protecting sensitive data. With the increasing reliance on cloud-based infrastructure and software, the potential consequences of such vulnerabilities can be catastrophic.

As the government continues to grapple with the fallout from this zero-day, it is crucial that users prioritize their security and take proactive steps to prevent similar incidents. This includes keeping software up to date, implementing robust cybersecurity measures, and staying vigilant for potential threats.

In conclusion, the recent discovery of the Gogs vulnerability serves as a wake-up call for federal agencies and individuals alike. The severity of this issue demands immediate attention, and the need for swift action cannot be overstated. As we move forward in an increasingly digital landscape, it is essential that we prioritize security and take proactive steps to protect ourselves against such vulnerabilities.
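The Wiz remark quoted above, that the earlier fix "did not account for symbolic links", describes a general pattern: a path check that only cleans and prefix-compares strings is satisfied by a symlink that sits inside the allowed root but points outside it. The Go program below is an added example written for this article; it is not Gogs' code and makes no claim about how Gogs implements its check. It builds a constructed layout in a temporary directory (a repository root, a directory outside it, and a symlink from the root into that directory), then runs a write target through two containment checks: a lexical one (`lexicalContain`) and a hardened one (`resolvedContain`) that resolves symlinks in the root and in the deepest existing ancestor of the target before deciding. All directory names, file names and function names are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a write target would land outside the repository root.
var ErrOutsideRoot = errors.New("path escapes repository root")

// insideRoot reports whether abs equals root or lies strictly beneath it.
func insideRoot(root, abs string) bool {
	return abs == root || strings.HasPrefix(abs, root+string(os.PathSeparator))
}

// lexicalContain is the weak check: it cleans ".." segments and compares string
// prefixes, but never asks the filesystem what the path really is, so a symlink
// inside root that points elsewhere passes.
func lexicalContain(root, rel string) (string, error) {
	abs := filepath.Join(root, rel) // Join cleans "." and ".." lexically
	if !insideRoot(root, abs) {
		return "", ErrOutsideRoot
	}
	return abs, nil
}

// resolveExisting resolves symlinks in the deepest existing ancestor of p and
// re-attaches the not-yet-existing tail, so a file about to be created is
// checked at the location where the write would actually land.
func resolveExisting(p string) (string, error) {
	var tail []string
	cur := p
	for {
		resolved, err := filepath.EvalSymlinks(cur)
		if err == nil {
			for i := len(tail) - 1; i >= 0; i-- {
				resolved = filepath.Join(resolved, tail[i])
			}
			return resolved, nil
		}
		if !errors.Is(err, os.ErrNotExist) {
			return "", err
		}
		parent := filepath.Dir(cur)
		if parent == cur { // reached the filesystem root without finding anything
			return "", err
		}
		tail = append(tail, filepath.Base(cur))
		cur = parent
	}
}

// resolvedContain is the hardened check: root and target are both resolved
// through the filesystem before containment is decided.
func resolvedContain(root, rel string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	abs, err := resolveExisting(filepath.Join(realRoot, rel))
	if err != nil {
		return "", err
	}
	if !insideRoot(realRoot, abs) {
		return "", ErrOutsideRoot
	}
	return abs, nil
}

// DemoResult records which check accepted which constructed path.
type DemoResult struct {
	PlainLexical, PlainResolved     bool // honest relative path inside root
	SymlinkLexical, SymlinkResolved bool // path through a symlink that leaves root
}

// RunDemo builds a throwaway layout (constructed for this example):
// <tmp>/repo (the root), <tmp>/outside, and <tmp>/repo/link -> <tmp>/outside,
// then runs both checks against a write target under each entry.
func RunDemo() (DemoResult, error) {
	var r DemoResult
	tmp, err := os.MkdirTemp("", "containment-demo")
	if err != nil {
		return r, err
	}
	defer os.RemoveAll(tmp)
	root, outside := filepath.Join(tmp, "repo"), filepath.Join(tmp, "outside")
	for _, d := range []string{root, outside} {
		if err := os.MkdirAll(d, 0o755); err != nil {
			return r, err
		}
	}
	if err := os.Symlink(outside, filepath.Join(root, "link")); err != nil {
		return r, err
	}
	_, e := lexicalContain(root, "docs/README.md")
	r.PlainLexical = e == nil
	_, e = resolvedContain(root, "docs/README.md")
	r.PlainResolved = e == nil
	_, e = lexicalContain(root, "link/docs/README.md")
	r.SymlinkLexical = e == nil
	_, e = resolvedContain(root, "link/docs/README.md")
	r.SymlinkResolved = e == nil
	return r, nil
}

func main() {
	r, err := RunDemo()
	if err != nil {
		fmt.Println("demo failed:", err)
		return
	}
	fmt.Printf("plain path:  lexical=%v resolved=%v\n", r.PlainLexical, r.PlainResolved)
	fmt.Printf("via symlink: lexical=%v resolved=%v\n", r.SymlinkLexical, r.SymlinkResolved)
}
```

Running it prints that the honest path passes both checks while the path through the symlink passes only the lexical one. The design point is that containment must be decided on the resolved location of the write, and that a target which does not exist yet still has to be resolved through its nearest existing ancestor, since that ancestor is where a symlink would sit.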






Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Vulnerability-Thats-Got-the-Federal-Governments-Attention-The-Gogs-Zero-Day-ehn.shtml

  • Published: Tue Jan 13 07:10:47 2026 by llama3.2 3B Q4_K_M












