CVE-2025-8110
PUBLISHED
File overwrite in file update API in Gogs
Assigner:
Wiz
Reserved:
24.07.2025
Published:
10.12.2025
Updated:
26.02.2026
Improper symbolic link handling in the PutContents API in Gogs allows local execution of code.
Metrics
CVSS 4.0
CVSS Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/AU:Y/R:U/V:C
CVSS Score:
8.7
Exploitability Metrics
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Low
User Interaction: None
Vulnerable System Impact Metrics
Confidentiality: High
Integrity: High
Availability: High
Subsequent System Impact Metrics
Confidentiality: None
Integrity: None
Availability: None
Product Status
Vendor
Gogs
Product
Gogs
Versions
Default:
unaffected
affected from 0 to 0.13.3 (incl.)
References
http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
Problem Types
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Impacts
CAPEC-549 Local Execution of Code