Main Vulnerability Database Vulnerabilities #VU119869

Path traversal in gogs - CVE-2025-8110

Published: December 11, 2025 / Updated: April 27, 2026

Vulnerability identifier: #VU119869

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2025-8110

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: gogs.io

Affected software:
gogs

Detailed vulnerability description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to improper symbolic link handling in the PutContents API caused by insufficient patch for #VU119868 (CVE-2024-55947). A remote user can write file to arbitrary location on the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

How to mitigate CVE-2025-8110

Install update from vendor's website.

Sources

https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit

Path traversal in gogs - CVE-2025-8110

Detailed vulnerability description

How to mitigate CVE-2025-8110

Sources

Please verify you're human