Jan 12, 2026, 08:46 PM
Designed as an alternative to GitLab or GitHub Enterprise and written in Go, Gogs is often exposed online for remote collaboration.
"Tracked as CVE-2025-8110, this remote code execution (RCE) security flaw stems from a path traversal weakness in the PutContents API and allows authenticated attackers to bypass protections implemented for a previously patched RCE bug (CVE-2024-55947) by overwriting files outside the repository via symbolic links.4"
Shodan query:
http.title:"Sign In - Gogs"
For more read here
"Tracked as CVE-2025-8110, this remote code execution (RCE) security flaw stems from a path traversal weakness in the PutContents API and allows authenticated attackers to bypass protections implemented for a previously patched RCE bug (CVE-2024-55947) by overwriting files outside the repository via symbolic links.4"
Shodan query:
http.title:"Sign In - Gogs"
For more read here
Mr. Benedict Ivan Goodhello
