Code Defence Cyber security

CISA KEV Alert: Gogs Path Traversal (CVE-2025-8110) Under Active Attack

Summary: CISA has added a critical Path Traversal vulnerability in Gogs (CVE-2025-8110) to its Known Exploited Vulnerabilities (KEV) catalog. This flaw in the self-hosted Git service allows attackers to access sensitive files on the host system, potentially leading to credential theft and full server takeover.

Business Impact: High. Many organizations use self-hosted Git instances to avoid public cloud exposure. Exploiting this flaw lets an attacker steal proprietary source code and intellectual property, which is catastrophic for software development firms.

Why It Happened: Inadequate input sanitization within the Gogs file-handling logic allowed crafted paths to escape the restricted repository directory.
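The containment check this class of flaw calls for, as an added example that is not taken from Gogs or its patch: the hypothetical `ResolveInRepo` helper rejects a client-supplied path when `../` sequences or a symlink would place it outside the repository root. Covering symlinks goes slightly beyond the summary above; all names and sample paths are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrEscapesRepo = errors.New("path escapes repository root")
// inside reports whether target is root itself or lies beneath it.
func inside(root, target string) bool {
	rel, err := filepath.Rel(root, target)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// ResolveInRepo (hypothetical helper) maps a client path to a real location under root.
func ResolveInRepo(root, userPath string) (string, error) {
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	joined := filepath.Join(realRoot, userPath) // Join also collapses ".." segments
	if !inside(realRoot, joined) {
		return "", ErrEscapesRepo
	}
	// A write target may not exist yet: resolve links on the deepest existing ancestor.
	existing, rest := joined, ""
	for _, err := os.Lstat(existing); err != nil; _, err = os.Lstat(existing) {
		rest = filepath.Join(filepath.Base(existing), rest)
		existing = filepath.Dir(existing)
	}
	resolved, err := filepath.EvalSymlinks(existing)
	if err != nil || !inside(realRoot, resolved) {
		return "", ErrEscapesRepo // fail closed on dangling or escaping links
	}
	return filepath.Join(resolved, rest), nil
}

func main() {
	root, _ := os.MkdirTemp("", "repo") // constructed sample repository
	defer os.RemoveAll(root)
	os.Symlink(os.TempDir(), filepath.Join(root, "link")) // link pointing outside root
	for _, p := range []string{"src/main.go", "../../etc/passwd", "link/new.txt"} {
		_, err := ResolveInRepo(root, p)
		fmt.Printf("%-20q -> %v\n", p, err)
	}
}
```

Resolving the path and opening it are separate steps, so a service that lets clients create links inside the repository also needs the open itself to refuse to follow links.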

Recommended Executive Action: Mandate an immediate patch for all self-hosted Gogs instances to the latest version. Conduct a forensic audit to ensure no unauthorized file access occurred during the exploitation window.

Hashtags: #Gogs #CISA #KEV #Vulnerability #Git #DevSecOps
