Live Cybersecurity News Ticker | Codekeeper

Critical Gogs Zero-Day Exploited: 700+ Git Servers Compromised

Written by Content Team | Dec 12, 2025 12:17:49 PM

A critical zero-day vulnerability (CVE-2025-8110) in Gogs, a popular self-hosted Git service, is being actively exploited by attackers who have already compromised over 700 instances. The flaw allows authenticated users to bypass security protections using symbolic links, leading to remote code execution.

Discovered on July 10, 2025, the vulnerability lies in how Gogs handles file modifications through its API. Attackers create repositories containing symlinks that point to sensitive system files, then use the API to write through those links, overwriting critical files and injecting malicious commands.

The attacks appear automated, targeting instances with open registration enabled. Infected servers show repositories with random 8-character names and deploy Supershell malware for persistent access. Despite responsible disclosure in July, no patch is available yet.
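The symlink overwrite described above belongs to a class of bug that a path check before every API-driven write is meant to stop. The sketch below is an added example, not code from Gogs or from the original report: it refuses any write whose path leaves the repository working tree or passes through a symbolic link. The names `safeWrite` and `ErrSymlink` and the temporary directory layout are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrSymlink reports that a component of the target path is a symbolic link.
var ErrSymlink = errors.New("path traverses a symbolic link")

// safeWrite (hypothetical helper) writes data to rel under root, refusing any
// path that leaves root or passes through a symlink. Check-then-write is racy
// if another process can modify the tree; this sketch assumes exclusive access.
func safeWrite(root, rel string, data []byte) error {
	sep := string(filepath.Separator)
	clean := filepath.Clean(rel)
	if filepath.IsAbs(clean) || clean == ".." || strings.HasPrefix(clean, ".."+sep) {
		return fmt.Errorf("path %q escapes the repository", rel)
	}
	cur := root
	for _, part := range strings.Split(clean, sep) {
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur) // Lstat inspects the link itself, not its target
		if errors.Is(err, os.ErrNotExist) {
			break // nothing further exists on disk, so nothing further can be a link
		}
		if err != nil {
			return err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return fmt.Errorf("%w: %s", ErrSymlink, cur)
		}
	}
	return os.WriteFile(filepath.Join(root, clean), data, 0o644)
}

func main() {
	// Constructed layout: a working tree holding a symlink to a file outside it.
	root, _ := os.MkdirTemp("", "worktree")
	outside, _ := os.MkdirTemp("", "outside")
	target := filepath.Join(outside, "config")
	os.WriteFile(target, []byte("original"), 0o600)
	os.Symlink(target, filepath.Join(root, "link"))
	fmt.Println(safeWrite(root, "link", []byte("x")))      // refused with ErrSymlink
	fmt.Println(safeWrite(root, "README.md", []byte("x"))) // <nil>
}
```

Where writers can race the check, opening the file relative to a directory handle without following links closes the gap that a separate `Lstat` leaves open.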

Source: Cybersecurity News