#VU119869 Path traversal in gogs - CVE-2025-8110

 


Published: December 11, 2025 / Updated: January 9, 2026


Vulnerability identifier: #VU119869
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2025-8110
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software:
gogs
Software vendor:
gogs.io

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to improper symbolic link handling in the PutContents API, caused by an insufficient patch for #VU119868 (CVE-2024-55947). A remote user can write a file to an arbitrary location on the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.
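
The symlink-following behaviour described above, as an added Go example that is not Gogs code or its patch: an unchecked file write beside one that refuses symlinked targets. `safeWrite`, `demo`, `ErrEscapesRoot` and the temporary directory layout are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrEscapesRoot = errors.New("write target resolves outside repository root")

// safeWrite (hypothetical helper, not Gogs code) writes data to rel under root
// only if no symlink redirects the write outside root.
func safeWrite(root, rel string, data []byte) error {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return err
	}
	target := filepath.Join(realRoot, filepath.Clean("/"+rel)) // neutralises "../"
	// A symlink as the final path component would be followed by the write.
	if fi, err := os.Lstat(target); err == nil && fi.Mode()&os.ModeSymlink != 0 {
		return ErrEscapesRoot
	}
	// Symlinked parent directories must still resolve inside the root.
	parent, err := filepath.EvalSymlinks(filepath.Dir(target))
	if err != nil {
		return err
	}
	if parent != realRoot && !strings.HasPrefix(parent, realRoot+string(os.PathSeparator)) {
		return ErrEscapesRoot
	}
	return os.WriteFile(filepath.Join(parent, filepath.Base(target)), data, 0o644)
}

// demo uses a constructed temp directory in which repo/link points at outside.txt.
func demo() (naiveFollowed bool, linkErr, fileErr error) {
	base, _ := os.MkdirTemp("", "symlink-demo")
	defer os.RemoveAll(base)
	repo, outside := filepath.Join(base, "repo"), filepath.Join(base, "outside.txt")
	os.Mkdir(repo, 0o755)
	os.WriteFile(outside, []byte("original"), 0o644)
	os.Symlink(outside, filepath.Join(repo, "link"))
	os.WriteFile(filepath.Join(repo, "link"), []byte("changed"), 0o644) // unchecked write
	got, _ := os.ReadFile(outside)
	return string(got) == "changed", safeWrite(repo, "link", nil), safeWrite(repo, "README.md", []byte("ok"))
}

func main() { fmt.Println(demo()) }
```

The check and the write are separate steps, so a race window remains between them; on Go 1.24 and later, `os.Root` confines the whole operation to the directory.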


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
