FLAT-GHYLJ – Vulnerability | Fluid Attacks Database

Database

Description

Gogs vulnerable to a bypass of CVE-2024-55947 Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
go	gogs.io/gogs	>=0 <=0.13.3

Aliases

1. CVE-2025-81102. NVD-2025-81103. OSV-2025-81104. GHSA-mq8m-42gh-wq7r5. GCVE-2025-8110

References

1. https://github.com/gogs/gogs/pull/80782. https://github.com/gogs/gogs/pull/80823. https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f64. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-81105. http://wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit6. http://www.openwall.com/lists/oss-security/2025/12/11/37. http://www.openwall.com/lists/oss-security/2025/12/11/48. http://www.openwall.com/lists/oss-security/2026/01/17/49. http://www.openwall.com/lists/oss-security/2026/01/18/110. http://www.openwall.com/lists/oss-security/2026/01/18/211. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-8110.yaml12. https://github.com/rxerium/CVE-2025-8110

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.