{"cve_id":"CVE-2025-8110","summary":"Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.","cvss":8.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":8.8,"epss":0.21053,"ranking_epss":0.9562,"kev":true,"propose_action":"Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution.","ransomware_campaign":"Unknown","references":["http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit","http://www.openwall.com/lists/oss-security/2025/12/11/3","http://www.openwall.com/lists/oss-security/2025/12/11/4","http://www.openwall.com/lists/oss-security/2026/01/17/4","http://www.openwall.com/lists/oss-security/2026/01/18/1","http://www.openwall.com/lists/oss-security/2026/01/18/2","https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6","https://github.com/gogs/gogs/pull/8078","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110"],"published_time":"2025-12-10T14:16:19","cpes":["cpe:2.3:a:gogs:gogs:-","cpe:2.3:a:gogs:gogs:0.10","cpe:2.3:a:gogs:gogs:0.10.1","cpe:2.3:a:gogs:gogs:0.10.18","cpe:2.3:a:gogs:gogs:0.10.8","cpe:2.3:a:gogs:gogs:0.11","cpe:2.3:a:gogs:gogs:0.11.19","cpe:2.3:a:gogs:gogs:0.11.29","cpe:2.3:a:gogs:gogs:0.11.33","cpe:2.3:a:gogs:gogs:0.11.34","cpe:2.3:a:gogs:gogs:0.11.4","cpe:2.3:a:gogs:gogs:0.11.43","cpe:2.3:a:gogs:gogs:0.11.53","cpe:2.3:a:gogs:gogs:0.11.66","cpe:2.3:a:gogs:gogs:0.11.79","cpe:2.3:a:gogs:gogs:0.11.82.1218","cpe:2.3:a:gogs:gogs:0.11.86","cpe:2.3:a:gogs:gogs:0.11.91","cpe:2.3:a:gogs:gogs:0.12","cpe:2.3:a:gogs:gogs:0.12.10","cpe:2.3:a:gogs:gogs:0.12.11","cpe:2.3:a:gogs:gogs:0.12.13","cpe:2.3:a:gogs:gogs:0.12.2","cpe:2.3:a:gogs:gogs:0.12.3","cpe:2.3:a:gogs:gogs:0.12.4","cpe:2.3:a:gogs:gogs:0.12.5","cpe:2.3:a:gogs:gogs:0.12.6","cpe:2.3:a:gogs:gogs:0.12.7","cpe:2.3:a:gogs:gogs:0.12.8","cpe:2.3:a:gogs:gogs:0.12.9","cpe:2.3:a:gogs:gogs:0.13.0","cpe:2.3:a:gogs:gogs:0.13.1","cpe:2.3:a:gogs:gogs:0.13.2","cpe:2.3:a:gogs:gogs:0.13.3","cpe:2.3:a:gogs:gogs:0.2.0","cpe:2.3:a:gogs:gogs:0.3.0","cpe:2.3:a:gogs:gogs:0.3.1","cpe:2.3:a:gogs:gogs:0.4.0","cpe:2.3:a:gogs:gogs:0.4.1","cpe:2.3:a:gogs:gogs:0.4.2","cpe:2.3:a:gogs:gogs:0.5.0","cpe:2.3:a:gogs:gogs:0.5.11","cpe:2.3:a:gogs:gogs:0.5.13","cpe:2.3:a:gogs:gogs:0.5.2","cpe:2.3:a:gogs:gogs:0.5.5","cpe:2.3:a:gogs:gogs:0.5.8","cpe:2.3:a:gogs:gogs:0.5.9","cpe:2.3:a:gogs:gogs:0.6.0","cpe:2.3:a:gogs:gogs:0.6.1","cpe:2.3:a:gogs:gogs:0.6.15","cpe:2.3:a:gogs:gogs:0.6.3","cpe:2.3:a:gogs:gogs:0.6.5","cpe:2.3:a:gogs:gogs:0.6.9","cpe:2.3:a:gogs:gogs:0.7.0","cpe:2.3:a:gogs:gogs:0.7.19","cpe:2.3:a:gogs:gogs:0.7.22","cpe:2.3:a:gogs:gogs:0.7.33","cpe:2.3:a:gogs:gogs:0.7.6","cpe:2.3:a:gogs:gogs:0.8.0","cpe:2.3:a:gogs:gogs:0.8.10","cpe:2.3:a:gogs:gogs:0.8.25","cpe:2.3:a:gogs:gogs:0.8.43","cpe:2.3:a:gogs:gogs:0.9.0","cpe:2.3:a:gogs:gogs:0.9.113","cpe:2.3:a:gogs:gogs:0.9.128","cpe:2.3:a:gogs:gogs:0.9.13","cpe:2.3:a:gogs:gogs:0.9.141","cpe:2.3:a:gogs:gogs:0.9.46","cpe:2.3:a:gogs:gogs:0.9.48","cpe:2.3:a:gogs:gogs:0.9.60","cpe:2.3:a:gogs:gogs:0.9.71","cpe:2.3:a:gogs:gogs:0.9.97"]}