SB2025121160 - Remote code execution via path traversal in Gogs




Published: December 11, 2025 Updated: January 9, 2026

Security Bulletin ID: SB2025121160
Severity: High
Patch available: No
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Path traversal (CVE-ID: CVE-2025-8110)

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to improper symbolic link handling in the PutContents API, caused by an insufficient patch for #VU119868 (CVE-2024-55947). A remote user can write a file to an arbitrary location on the system and execute arbitrary code.

Note: the vulnerability is being actively exploited in the wild.
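The bug class described above, as an added Go example that is not code from Gogs or from this bulletin: a path check that only normalizes the string accepts a write that passes through a symbolic link stored under the repository root, while a check that resolves links first rejects it. The function names and the temporary-directory fixture are hypothetical and constructed for illustration.

```go
package main
import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// lexicalInside is the insufficient check: it only normalizes the path string.
func lexicalInside(root, rel string) bool {
	return strings.HasPrefix(filepath.Join(root, rel), filepath.Clean(root)+string(os.PathSeparator))
}

// resolvedInside resolves symlinks first, then compares the real target with root.
func resolvedInside(root, rel string) (bool, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return false, err
	}
	target := filepath.Join(realRoot, rel)
	if _, lerr := os.Lstat(target); os.IsNotExist(lerr) {
		target = filepath.Dir(target) // new file: its resolved parent decides
	}
	actual, err := filepath.EvalSymlinks(target) // dangling link: error, caller rejects
	if err != nil {
		return false, err
	}
	r, err := filepath.Rel(realRoot, actual)
	return err == nil && r != ".." && !strings.HasPrefix(r, ".."+string(os.PathSeparator)), err
}

// demo builds a constructed fixture: repo/link is a symlink to a directory outside repo.
func demo() (lexical, resolved bool, err error) {
	base, err := os.MkdirTemp("", "symlink-demo")
	if err != nil {
		return false, false, err
	}
	defer os.RemoveAll(base)
	repo := filepath.Join(base, "repo")
	if err = os.Mkdir(repo, 0o755); err == nil {
		err = os.Symlink(base, filepath.Join(repo, "link"))
	}
	if err != nil {
		return false, false, err
	}
	resolved, err = resolvedInside(repo, "link/new.txt")
	return lexicalInside(repo, "link/new.txt"), resolved, err
}

func main() { fmt.Println(demo()) }
```

A check followed by a separate write still leaves a race window, so the write itself should go to the resolved path and any error from the check should be treated as a rejection.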


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.