An unpatched zero-day vulnerability in Gogs, a self-hosted Git service, has allowed threat actors to execute remote code and compromise over 700 servers. The attack abuses a path traversal weakness in the PutContents API: a symbolic link inside the repository lets a write land outside the repository root, so an attacker can overwrite files on the host and ultimately take control of the system. #Gogs #CVE-2025-8110
Key points
- The vulnerability CVE-2025-8110 affects Gogs, a popular self-hosted Git platform.
- Attackers use symbolic links to bypass the API's path validation and overwrite system files outside the repository.
- Over 1,400 Gogs servers were exposed online, with more than 700 showing signs of compromise.
- The malware deployed leverages the Supershell C2 framework to establish reverse SSH shells.
- Users are advised to disable open registration and monitor for suspicious activity.
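The symlink trick behind this bug is easiest to see side by side with a check that defeats it. The Go program below is an added illustration written for this page, not Gogs code and not the actual vulnerable or patched code path: it builds a throwaway repository containing a symlink named `etc` that points to a directory outside the root (standing in for `/etc`), then asks two hypothetical resolvers, `naiveResolve` (lexical prefix check only) and `safeResolve` (resolves symlinks on the deepest existing ancestor before comparing against the resolved root), whether a write to `etc/passwd` should be allowed. The function and type names are assumptions for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscape is returned when a requested path would land outside the repo root.
var ErrEscape = errors.New("path escapes repository root")

// naiveResolve is the kind of lexical check a symlink defeats: it cleans the
// relative path and confirms the result still sits under root, but never
// looks at what is actually on disk.
func naiveResolve(root, rel string) (string, error) {
	target := filepath.Join(root, rel) // Join also collapses "../" segments
	if !strings.HasPrefix(target, filepath.Clean(root)+string(os.PathSeparator)) {
		return "", ErrEscape
	}
	return target, nil
}

// safeResolve resolves symlinks before comparing. The final component may not
// exist yet (the API creates files), so it walks up to the deepest existing
// ancestor, resolves that, re-appends the remainder, and checks the result is
// still inside the resolved root.
func safeResolve(root, rel string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	target := filepath.Join(realRoot, rel)
	existing := target
	var tail []string
	for {
		if _, err := os.Lstat(existing); err == nil {
			break
		}
		tail = append([]string{filepath.Base(existing)}, tail...)
		parent := filepath.Dir(existing)
		if parent == existing { // reached the filesystem root without finding anything
			return "", ErrEscape
		}
		existing = parent
	}
	real, err := filepath.EvalSymlinks(existing)
	if err != nil {
		return "", err
	}
	final := filepath.Join(append([]string{real}, tail...)...)
	inside, err := filepath.Rel(realRoot, final)
	if err != nil || inside == ".." || strings.HasPrefix(inside, ".."+string(os.PathSeparator)) {
		return "", ErrEscape
	}
	return final, nil
}

// Verdict records what each check decides for the constructed fixture.
type Verdict struct {
	NaiveAllowsSymlinkEscape bool // write to etc/passwd through the symlink
	SafeAllowsSymlinkEscape  bool
	SafeAllowsNormalWrite    bool // ordinary in-tree write to README.md
}

// Demo builds the fixture (constructed sample data, not a real repo): a repo
// directory whose "etc" entry is a symlink to a sibling directory outside it,
// as an attacker could introduce with a single commit.
func Demo() (Verdict, error) {
	var v Verdict
	base, err := os.MkdirTemp("", "gogs-symlink-demo")
	if err != nil {
		return v, err
	}
	defer os.RemoveAll(base)
	repo := filepath.Join(base, "repo")
	outside := filepath.Join(base, "outside")
	for _, d := range []string{repo, outside} {
		if err := os.MkdirAll(d, 0o755); err != nil {
			return v, err
		}
	}
	if err := os.Symlink(outside, filepath.Join(repo, "etc")); err != nil {
		return v, err
	}
	_, naiveErr := naiveResolve(repo, "etc/passwd")
	_, safeErr := safeResolve(repo, "etc/passwd")
	_, normalErr := safeResolve(repo, "README.md")
	v.NaiveAllowsSymlinkEscape = naiveErr == nil
	v.SafeAllowsSymlinkEscape = safeErr == nil
	v.SafeAllowsNormalWrite = normalErr == nil
	return v, nil
}

func main() {
	v, err := Demo()
	if err != nil {
		fmt.Println("demo failed:", err)
		return
	}
	fmt.Printf("naive check allows write through symlink: %v\n", v.NaiveAllowsSymlinkEscape)
	fmt.Printf("symlink-aware check allows it:            %v\n", v.SafeAllowsSymlinkEscape)
	fmt.Printf("symlink-aware check allows README.md:     %v\n", v.SafeAllowsNormalWrite)
}
```

The naive resolver accepts `etc/passwd` because the string `repo/etc/passwd` does start with `repo/`; only after `EvalSymlinks` turns `repo/etc` into the outside directory does the prefix comparison fail. The same pattern of resolving the deepest existing ancestor is what any file-writing API needs when the tree it writes into is attacker-controlled, since the symlink can be committed long before the write request arrives.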