Over 700 Gogs Instances Compromised by Zero-Day Exploit (CVE-2025-8110)

Over 700 Gogs Instances Compromised by Zero-Day Exploit (CVE-2025-8110)

First seen 10 Dec 2025, 22:48 UTC WizTheregisterBleepingcomputerScworldDarkreading 84% similarity 66.5

Article Content

Browse articles
ThreatCluster

A zero-day vulnerability in Gogs, a self-hosted Git service, is being actively exploited, affecting over 700 instances. Discovered by Wiz Research during a malware investigation, the vulnerability allows authenticated users to execute remote code by overwriting files outside the repository. As of December 1, 2025, a patch has not yet been released.

ThreatCluster AI

Community

Browse all →