Gogs Security Update Advisory (CVE-2025-8110)
Overview
We have released a security update to address a vulnerability in Gogs. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-8110
Gogs Version: 0.13.3 and earlier
Resolved Vulnerabilities
Local code execution vulnerability due to poor handling of symbolic links in the PutContents API in Gogs (CVE-2025-8110)
Remediation
CVE-2025-8110
As a patch is not yet available at the time of writing, users are advised to take the following interim measures:
– Disable the open-registration feature if not required
– Use a VPN or restrict access to your servers to an allowlist of IP addresses
– Check for unusual usage of the PutContents API and the creation of repositories with random 8-digit names to determine if you have been compromised
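
The compromise check in the last measure can be run over web access logs. The following is an added example, not part of the original advisory and not Gogs code. It assumes an nginx "combined" access log in front of Gogs, assumes PutContents is served as PUT /api/v1/repos/<owner>/<repo>/contents/<path>, and reads "random 8-digit name" as exactly eight alphanumeric characters; the sample log lines are constructed.

```python
import re

# Assumption: reverse-proxy access log in nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption: route shape of the PutContents API call.
PUT_CONTENTS_RE = re.compile(
    r'^/api/v1/repos/(?P<owner>[^/]+)/(?P<repo>[^/]+)/contents/')
# Assumption: "random 8-digit name" = exactly eight alphanumeric characters.
RANDOM_NAME_RE = re.compile(r'[0-9A-Za-z]{8}')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2025:03:14:07 +0000] "POST /api/v1/user/repos HTTP/1.1" 201 512 "-" "curl/8.5.0"
198.51.100.7 - - [01/Jan/2025:03:14:09 +0000] "PUT /api/v1/repos/u1/k3x9q2zp/contents/notes.txt HTTP/1.1" 201 640 "-" "curl/8.5.0"
203.0.113.20 - - [01/Jan/2025:09:01:33 +0000] "PUT /api/v1/repos/dev/website/contents/README.md HTTP/1.1" 201 700 "-" "Mozilla/5.0"
203.0.113.20 - - [01/Jan/2025:09:02:10 +0000] "GET /dev/website HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

def find_put_contents(lines, name_re=RANDOM_NAME_RE):
    """Return one finding per PutContents request seen in the log lines.

    Each finding records whether the target repository name matches the
    random-name pattern, so those hits can be reviewed first.
    """
    findings = []
    for lineno, line in enumerate(lines, 1):
        entry = LOG_RE.match(line)
        if not entry or entry["method"] != "PUT":
            continue  # unparsable line or not a PUT request
        route = PUT_CONTENTS_RE.match(entry["path"])
        if not route:
            continue  # a PUT to some other endpoint
        findings.append({
            "line": lineno,
            "ip": entry["ip"],
            "owner": route["owner"],
            "repo": route["repo"],
            "status": int(entry["status"]),
            "random_name": bool(name_re.fullmatch(route["repo"])),
        })
    return findings

if __name__ == "__main__":
    for f in find_put_contents(SAMPLE_LOG.splitlines()):
        tag = "REVIEW FIRST" if f["random_name"] else "review"
        print(f'{tag}: line {f["line"]} {f["ip"]} -> {f["owner"]}/{f["repo"]} ({f["status"]})')
```

Ordinary eight-character repository names also match the pattern, so flagged entries should be compared against the list of repositories your users are known to have created.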
Reference
[1] Gogs 0-Day Exploited in the Wild
https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
[2] CVE-2025-8110 Detail
https://nvd.nist.gov/vuln/detail/CVE-2025-8110