Zero-Day Drama: Over 700 Gogs Git Servers Hacked Amid Missing Fix!

Attackers are exploiting a Gogs zero-day bug, and more than 700 instances are compromised. While the flaw in the self-hosted Git service remains unfixed, Wiz researchers urge users to disable open registration. Meanwhile, Gogs’ maintainers are scrambling for a fix, hoping it arrives before hackers get too comfortable.


Hot Take:

Gogs, the self-hosted Git service, is experiencing a mid-life crisis and is being exploited through a zero-day vulnerability. While it’s busy soul-searching, hackers are having a field day. Time to grab some popcorn as the plot thickens, and Gogs’ maintainers scramble to patch things up. Who knew Git repositories could be this dramatic?

Key Points:

  • A zero-day bug, CVE-2025-8110, is being actively exploited in the Gogs Git service.
  • More than 700 instances have been compromised, with attacks leveraging symlink vulnerabilities.
  • The flaw enables remote code execution by overwriting critical files outside the repository.
  • Wiz researchers accidentally discovered the bug while investigating malware.
  • No fix is available yet, but disabling open registration and using a VPN can mitigate risks.
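
As a hygiene check for the symlink point above, this added example (not from the article, Wiz or the Gogs project) lists symlinks in a checked-out working tree whose targets resolve outside the repository root. The function names and the sample tree are constructed for illustration, and a hit is a lead to review, not proof of compromise.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(root):
    """Return sorted (link, resolved_target) pairs for symlinks under root
    whose resolved target lies outside root."""
    root = Path(root).resolve()
    findings = []
    # followlinks=False: report directory symlinks but never descend into them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if not path.is_symlink():
                continue
            # realpath resolves relative targets and chains of links.
            target = Path(os.path.realpath(path))
            if target != root and root not in target.parents:
                findings.append((path.relative_to(root).as_posix(), str(target)))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample: a checkout with one safe and two escaping links."""
    base = Path(base)
    repo, outside = base / "repo", base / "outside"
    (repo / "docs").mkdir(parents=True)
    outside.mkdir()
    (repo / "README.md").write_text("sample\n")
    (outside / "app.ini").write_text("; constructed file outside the repo\n")
    os.symlink("../README.md", repo / "docs" / "inside")       # stays in repo
    os.symlink("../../outside", repo / "docs" / "up")          # relative escape
    os.symlink(str(outside / "app.ini"), repo / "settings")    # absolute escape
    return repo


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for link, target in find_escaping_symlinks(build_sample_tree(tmp)):
            print(f"{link} -> {target}")
```

Server-side repositories are usually stored bare, where symlinks exist only as Git tree entries with mode 120000, so run this against a clone or checkout rather than the bare directory.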

The Nimble Nerd