700+ Gogs Git Servers Hacked: The Zero-Day Comedy of Errors Continues!

Batten down the hatches, folks! Over 700 Gogs instances have been compromised through an unpatched zero-day vulnerability. This digital bug, CVE-2025-8110, lets attackers overwrite files outside the repository and execute remote code. So, if you’re running Gogs version 0.13.3 or older, it’s time to fix your Git sitch pronto!

3P
Published: December 11, 2025 12:05 pmAdded: December 11, 2025 at 4:27 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like Gogs just got goggled! Someone let 700 instances slip through the cracks with a zero-day vulnerability that was as sneaky as a cat burglar in a top hat. Maybe it’s time for Gogs to put on its big boy shoes and patch up those holes before more servers get whisked away in the night!

Key Points:

  • Over 700 Gogs instances compromised due to a zero-day vulnerability.
  • Vulnerability tracked as CVE-2025-8110, related to improper symbolic link handling.
  • Attackers can overwrite files and achieve remote code execution.
  • Over 1,400 Gogs instances are exposed, with more than 700 already affected.
  • A patch is in development, but not yet available as of December 10.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?