Gogs Vulnerability Alert: Hackers Exploit Self-Hosted Git Service (2026)

Attention all tech enthusiasts and cybersecurity professionals: a silent but deadly threat is lurking in a widely used self-hosted Git service, Gogs, and it’s already wreaking havoc. What makes it even more alarming is that hackers have been exploiting this vulnerability for over six months, and it’s only now being officially recognized as a critical issue. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has recently added CVE-2025-8110 to its Known Exploited Vulnerabilities Catalog, a move that underscores the severity of the situation. This remote code execution (RCE) flaw allows attackers to take full control of affected systems, and it’s a direct bypass of the fix for a previously patched vulnerability, CVE-2024-55947. The part most people miss: the original fix overlooked Gogs’ use of symbolic links, which attackers are exploiting to overwrite files outside repositories, effectively hijacking systems to run malicious commands.
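To make the symbolic-link gap concrete, here is an added Go example (not Gogs source code and not taken from Wiz's analysis) that contrasts a path check which only normalises the string with one that resolves symlinks before deciding whether a write stays inside the repository. The function names, the temp-directory layout and the file names are all hypothetical and constructed for the demonstration.

```go
package main // added illustration, not Gogs source; all names are hypothetical

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

func inside(root, path string) bool { // true when path is root or beneath it
	rel, err := filepath.Rel(root, path)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// LexicalCheck only normalises the path string, so an in-repo symlink passes.
func LexicalCheck(repo, rel string) bool { return inside(repo, filepath.Join(repo, rel)) }

// ResolvedCheck rejects a symlink target and any parent that resolves outside the repo.
func ResolvedCheck(repo, rel string) bool {
	root, err := filepath.EvalSymlinks(repo)
	if err != nil {
		return false
	}
	target := filepath.Join(root, rel)
	if fi, err := os.Lstat(target); err == nil && fi.Mode()&os.ModeSymlink != 0 {
		return false
	}
	parent, err := filepath.EvalSymlinks(filepath.Dir(target))
	return err == nil && inside(root, parent)
}

// Demo builds a constructed layout: repo/README.md is regular, repo/link points outside.
func Demo() (lexical, resolved, regular bool, err error) {
	base, err := os.MkdirTemp("", "symlink-demo")
	if err != nil {
		return
	}
	defer os.RemoveAll(base)
	repo, outside := filepath.Join(base, "repo"), filepath.Join(base, "outside.conf")
	err = errors.Join(
		os.Mkdir(repo, 0o755),
		os.WriteFile(outside, []byte("constructed"), 0o600),
		os.WriteFile(filepath.Join(repo, "README.md"), nil, 0o600),
		os.Symlink(outside, filepath.Join(repo, "link")),
	)
	return LexicalCheck(repo, "link"), ResolvedCheck(repo, "link"), ResolvedCheck(repo, "README.md"), err
}

func main() { fmt.Println(Demo()) }
```

A check followed by a separate write is still open to a race if the path can change in between, so this shows only the missing resolution step, not a complete write path.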

Cloud security firm Wiz uncovered this alarming trend while investigating a single malware-infected machine, only to find that the issue was far more widespread. In a December 10 blog post, Wiz detailed how they identified the exploitation attempts and responsibly disclosed the flaw to Gogs maintainers. However, as of now, the vulnerability remains unpatched, leaving thousands of instances at risk. Wiz reported that out of approximately 1,400 internet-facing Gogs instances (including several in Australia), over half were already compromised by Supershell-based malware. The infections shared a striking pattern: eight-character random owner/repo names created on the same day (July 10th), suggesting a coordinated effort by a single actor or group.

But here’s the controversial part: while the maintainers are working on a fix, the delay in addressing this issue raises questions about the effectiveness of current vulnerability management practices. Shouldn’t critical flaws like this be prioritized more urgently? And what does this mean for the thousands of users who rely on Gogs for their development workflows? As the cybersecurity community grapples with these questions, one thing is clear: this isn’t just a technical issue, it’s a wake-up call for better proactive security measures. What’s your take? Do you think the response to CVE-2025-8110 has been adequate, or is there room for improvement? Let’s spark a conversation in the comments below. For those eager to dive deeper, see Wiz’s full analysis of the vulnerability. Stay vigilant, and remember: in the world of cybersecurity, complacency can be costly.


Author: Kelle Weber
