External risk intelligence

Gogs PutContents API Vulnerability Allows Code Execution.

CVE advisoryKnown Exploit

CVE-2025-8110

A vulnerability in Gogs' PutContents API allows for code execution due to improper symbolic link handling. This impacts organizations by potentially allowing attackers to compromise systems and data. The realistic business risk is significant, as exploitation can lead to unauthorized control.

4Halo Surface Signal

Path Traversal

Gogs

0.13.3 and earlier

External exposure likelihood

Halo Surface Signal score for CVE-2025-8110

Gogs is a self-hosted Git service commonly deployed as a web-based application to facilitate remote access for development teams. Because it is designed to be a network-accessible service for code hosting and collaboration, it is frequently exposed to the internet or wide internal networks, making its web API interfaces reachable in common deployment patterns.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:X/U:X

Horizon Alert

Summary of the vulnerability and why it matters

The Gogs application has a flaw in how it handles symbolic links within its PutContents API. This weakness allows unauthorized code to be executed on systems where Gogs is deployed. Such an event could lead to significant business risk, potentially compromising system integrity and data confidentiality.

  • Gogs PutContents API
  • Improper symbolic link handling
  • Local code execution and system compromise

Attack Path

How an attacker could exploit the issue

The Gogs application has an exposure through its PutContents API due to improper handling of symbolic links. An attacker with low privileges could exploit this by sending a specially crafted request. Successful exploitation allows for local code execution, potentially leading to broader system compromise.

  • Network-accessible service
  • Attacker sends malicious request
  • Code execution occurs

Live Threat

Current exploitation, exposure, and threat context

A vulnerability in the PutContents API of Gogs could allow attackers to execute code. This issue stems from improper handling of symbolic links. Exploiting this vulnerability could lead to significant damage to affected systems and data. Organizations should treat this as a high-priority concern.

  • Likely attacker skill level: Low
  • Required access or conditions: Network access, authenticated user
  • Business risk or urgency: High

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The Gogs PutContents API has a vulnerability that allows for local code execution due to improper symbolic link handling. This impacts organizations by potentially allowing attackers to gain control of systems where Gogs is deployed. The vulnerability has a high severity score, indicating a significant risk.

  • Identify Gogs instances.
  • Restrict network access.
  • Apply vendor fix, verify, and monitor.

Frequently asked questions

What is Gogs and what is its purpose?

Gogs is an open-source, self-hosted Git service designed for teams to host and manage their code repositories. It offers a web interface for version control, issue tracking, and collaboration, functioning similarly to platforms like GitHub or GitLab but intended for installation on private servers.

What weakness class is associated with CVE-2025-8110?

CVE-2025-8110 is classified under CWE-22, which denotes a path traversal vulnerability. This type of weakness arises from the improper handling of user-supplied input, allowing attackers to access files and directories outside of the intended scope.

How can an attacker exploit the symbolic link handling in Gogs' PutContents API?

An attacker can exploit the improper handling of symbolic links in Gogs' PutContents API by sending a specially crafted request. This allows them to trick the API into writing files to unintended locations on the server, leading to local code execution.

What is the relevance of CVE-2025-8110 for organizations?

CVE-2025-8110 presents a significant risk as it allows for code execution on Gogs servers, potentially leading to system compromise and data breaches. Given its network-accessible nature and the potential for unauthorized code execution, organizations should prioritize addressing this vulnerability. The Halo Surface Signal indicates a 'Likely' exposure due to Gogs' common deployment patterns as a network-accessible service.

What steps should organizations take to respond to this vulnerability?

Organizations should first identify all instances of Gogs within their infrastructure. It is advisable to restrict network access to Gogs instances where possible, apply the vendor-provided fix as soon as it becomes available, and thoroughly verify the implementation of the fix. Continuous monitoring for any suspicious activity is also recommended.

References

Sources and related resources

Primary sources: NVD, CVE.org, CISA KEV.

NVDPublished Modified