CVE-2025-8110

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
WizCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
Vulnerability Media Exposure
References
http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit