← Back to BrewedIntel
vulnerabilityhighZero-Day ExploitationCVE-2025-8110

Dec 10, 2025 • Wiz Security Research

Gogs 0-Day Exploited in the Wild

Wiz Threat Research has confirmed active exploitation of a previously unknown vulnerability, identified as CVE-2025-8110, affecting the Gogs self-hosted Git...

Source
Wiz Security Research
Category
vulnerability
Severity
high

Executive Summary

Wiz Threat Research has confirmed active exploitation of a previously unknown vulnerability, identified as CVE-2025-8110, affecting the Gogs self-hosted Git service. This zero-day vulnerability is currently being leveraged by threat actors in the wild, posing a significant risk to organizations utilizing this platform for source code management. While specific attribution to a named threat group or associated malware family has not been disclosed in this report, the active exploitation status indicates an immediate threat to confidentiality and integrity. Organizations are urged to prioritize patching or implementing compensating controls immediately to prevent unauthorized access. The severity is assessed as high due to the active nature of the campaign. Further monitoring is recommended to identify potential post-exploitation activities, such as data exfiltration or cryptocurrency mining, which often accompany such intrusions. Immediate vulnerability management is crucial.

Summary

Wiz Threat Research has observed exploitation in-the-wild of CVE-2025-8110

Published Analysis

Wiz Threat Research has confirmed active exploitation of a previously unknown vulnerability, identified as CVE-2025-8110, affecting the Gogs self-hosted Git service. This zero-day vulnerability is currently being leveraged by threat actors in the wild, posing a significant risk to organizations utilizing this platform for source code management. While specific attribution to a named threat group or associated malware family has not been disclosed in this report, the active exploitation status indicates an immediate threat to confidentiality and integrity. Organizations are urged to prioritize patching or implementing compensating controls immediately to prevent unauthorized access. The severity is assessed as high due to the active nature of the campaign. Further monitoring is recommended to identify potential post-exploitation activities, such as data exfiltration or cryptocurrency mining, which often accompany such intrusions. Immediate vulnerability management is crucial. Wiz Threat Research has observed exploitation in-the-wild of CVE-2025-8110 Wiz Threat Research has observed exploitation in-the-wild of CVE-2025-8110

Linked Entities

  • CVE-2025-8110
Read original source