Gogs Git Service Vulnerability: Hackers Pull a Fast One on 700+ Servers!
The Gogs RCE vulnerability, CVE-2025-8110, is causing chaos as attackers exploit it to take over servers. This zero-day flaw sneaks in through symbolic links, bypassing previous fixes. Gogs users should batten down the hatches by disabling open registration and checking for any suspicious activity before their servers become hacker hotels.

Hot Take:
Looks like Gogs took a page from the book of “How to Make Cybersecurity Experts Sweat Profusely.” With more holes than a block of Swiss cheese, this self-hosted Git service might just need a new name—something like “Googs,” because that’s what you’ll be doing a lot of to solve these problems. Here’s hoping they patch things up before their users start feeling like they’re living in a phishing village!

Key Points:
- Gogs, a popular self-hosted Git service, has a zero-day vulnerability allowing remote code execution.
- The vulnerability, CVE-2025-8110, stems from a path traversal weakness in the PutContents API.
- Over 1,400 Gogs servers are exposed online, with more than 700 showing signs of compromise.
- The malware used in the attacks relies on Supershell, an open-source command-and-control (C2) framework.
- Users are advised to disable open registration and use VPNs to secure their servers.
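
An added example (not Gogs's own code or its patch): one way a file-write handler can refuse request paths that climb out of a repository working tree or cross a symbolic link, the class of weakness described above. The names `SafeTarget` and `ErrUnsafePath` and the sample paths are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrUnsafePath is returned for any path that must not be written to.
var ErrUnsafePath = errors.New("path escapes repository or crosses a symlink")

// SafeTarget (hypothetical helper) maps a request path to a file inside root.
// It rejects "..", absolute paths, and any existing component that is a symlink.
func SafeTarget(root, rel string) (string, error) {
	sep := string(filepath.Separator)
	clean := filepath.Clean(filepath.FromSlash(rel))
	if filepath.IsAbs(clean) || clean == "." || clean == ".." || strings.HasPrefix(clean, ".."+sep) {
		return "", ErrUnsafePath
	}
	cur := root
	for _, part := range strings.Split(clean, sep) {
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur) // Lstat inspects the link itself, not its target
		if os.IsNotExist(err) {
			break // nothing exists below here, so no link can be followed
		}
		if err != nil {
			return "", err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return "", ErrUnsafePath
		}
	}
	return filepath.Join(root, clean), nil
}

func main() {
	root, _ := os.MkdirTemp("", "repo") // constructed sample working tree
	defer os.RemoveAll(root)
	os.WriteFile(filepath.Join(root, "README.md"), []byte("hi"), 0o600)
	os.Symlink("/etc/hostname", filepath.Join(root, "notes.txt")) // constructed link leaving the tree
	for _, rel := range []string{"README.md", "docs/new.md", "notes.txt", "../app.ini"} {
		p, err := SafeTarget(root, rel)
		fmt.Printf("%-12s -> %q err=%v\n", rel, p, err)
	}
}
```

A check followed by a separate write can still be raced if the tree changes in between, so the check belongs under the same lock as the write.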
