Mallory.Ai
Critical Vulnerabilities in Gogs and Jinjava Require Immediate Patching
Multiple critical vulnerabilities affecting Gogs and Jinjava have been disclosed, with severe impacts including remote code execution (RCE) and unauthorized file access. Gogs vulnerabilities include CVE-2025-64111 (RCE), CVE-2025-64175 (2FA bypass), and CVE-2026-24135 (path traversal), all affecting versions prior to 0.14.3. Jinjava's CVE-2026-25526 allows arbitrary Java code execution through a sandbox escape. The vulnerabilities can lead to full host takeover and theft of sensitive data. Administrators are urged to upgrade to patched versions immediately. Active exploitation has been reported for other vulnerabilities in related systems. The Centre for Cybersecurity Belgium emphasizes the urgency of patching to prevent potential breaches.
Key Points:
• Gogs has multiple critical vulnerabilities allowing remote code execution and file manipulation.
• Jinjava's vulnerability enables arbitrary Java code execution through a sandbox escape.
• Immediate patching is recommended to mitigate risks of exploitation and data theft.