CVE-2025-8110: Gogs vulnerable to a bypass of CVE-2024-55947
(updated )
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
References
- github.com/advisories/GHSA-mq8m-42gh-wq7r
- github.com/gogs/gogs
- github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6
- github.com/gogs/gogs/pull/8078
- github.com/gogs/gogs/pull/8082
- nvd.nist.gov/vuln/detail/CVE-2025-8110
- www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8110
Code Behaviors & Features
Detect and mitigate CVE-2025-8110 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →