Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Ongoing Attacks

A high-severity, still-unpatched vulnerability in Gogs is being actively exploited in the wild, with over 700 compromised internet-facing instances observed, based on analysis from Wiz.

The issue, tracked as CVE-2025-8110 (CVSS score: 8.7), is a file overwrite flaw in the file update API of the Go-based self-hosted Git platform. A patch is reportedly under development. Wiz did not find the bug through vulnerability research: it surfaced as a zero-day in July 2025 while the company was investigating malware on a customer workload, where it was already being exploited.

“Improper symbolic link handling in the PutContents API in Gogs allows local execution of code,” according to the entry for the vulnerability on CVE.org.

The cloud security vendor assesses that CVE-2025-8110 is effectively a bypass of the fix for an earlier remote code execution issue (CVE-2024-55947, CVSS score: 8.7), which allowed an attacker to write files to arbitrary paths on the server and then obtain SSH access. The maintainers patched CVE-2024-55947 in December 2024.

Wiz noted that the fix for CVE-2024-55947 can be evaded because Git (and therefore Gogs) allows symbolic links to be committed inside a repository, and those links may point at files or directories outside the repository tree. On top of that, the Gogs API permits file modifications that bypass the normal Git protocol, so the write is a plain filesystem operation that lands wherever the requested path resolves.

This gap in symlink handling lets an attacker reach arbitrary code execution in four steps:

  • Initialize a normal Git repository on the target instance
  • Commit a single symbolic link whose target resolves to a sensitive path outside the repository
  • Call the PutContents API to write content at the symlink's path; the server follows the link and overwrites the file it points to, outside the repository tree
  • Use that write to overwrite the repository's ".git/config" and set sshCommand, so that Git runs the attacker's command the next time it invokes SSH
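The four steps above, as an added Go example that is not Gogs code: it builds a throwaway repository containing one symlink to a file outside it, shows that a write modelled on the vulnerable API follows the link and overwrites that outside file, and then shows the containment check (resolve symlinks, confirm the result stays under the repository root, refuse a final component that is itself a symlink) that a fixed PutContents would need. The `escapingSymlinks` sweep at the end is the same check turned into a hunt over a checked-out tree. Function names, the `target.txt` stand-in for the `.git/config` of step 4, and all paths are constructed for the demo; the real Gogs code and its fix are not shown on this page.

```go
// Added example, not Gogs code: a committed symlink, a write API that follows it, and the check that refuses it.
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var errEscapesRepo = errors.New("path resolves outside the repository")
// naiveWrite models the vulnerable behaviour: join the requested path to the repository
// root and write. If a component is a symlink the kernel follows it, wherever it points.
func naiveWrite(repoRoot, relPath string, data []byte) error {
	return os.WriteFile(filepath.Join(repoRoot, relPath), data, 0o644)
}

// within reports whether p (already symlink-resolved) lies under root.
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// resolveInside returns the real path to write, or errEscapesRepo if a symlink in the
// parent chain leaves repoRoot or the final component is itself a symlink (dangling or not).
func resolveInside(repoRoot, relPath string) (string, error) {
	root, err := filepath.EvalSymlinks(repoRoot)
	if err != nil {
		return "", err
	}
	parent, err := filepath.EvalSymlinks(filepath.Dir(filepath.Join(root, relPath)))
	if err != nil {
		return "", err
	}
	if !within(root, parent) {
		return "", errEscapesRepo
	}
	target := filepath.Join(parent, filepath.Base(relPath))
	if fi, err := os.Lstat(target); err == nil && fi.Mode()&os.ModeSymlink != 0 {
		return "", errEscapesRepo
	}
	return target, nil
}

// safeWrite is the hardened variant: it writes only to a path proven to stay inside.
func safeWrite(repoRoot, relPath string, data []byte) error {
	target, err := resolveInside(repoRoot, relPath)
	if err != nil {
		return err
	}
	return os.WriteFile(target, data, 0o644)
}

// escapingSymlinks reports symlinks under root that dangle or resolve outside it (hunt helper).
func escapingSymlinks(root string) ([]string, error) {
	absRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return nil, err
	}
	var found []string
	err = filepath.WalkDir(absRoot, func(p string, d os.DirEntry, walkErr error) error {
		if walkErr != nil || d.Type()&os.ModeSymlink == 0 {
			return walkErr
		}
		if dest, err := filepath.EvalSymlinks(p); err != nil || !within(absRoot, dest) {
			found = append(found, p)
		}
		return nil
	})
	return found, err
}

// setupDemo performs steps 1 and 2: a repository holding one symlink to a constructed outside file.
func setupDemo(base string) (repo, target string, err error) {
	repo, target = filepath.Join(base, "repo"), filepath.Join(base, "target.txt")
	if err = os.MkdirAll(repo, 0o755); err != nil {
		return
	}
	if err = os.WriteFile(target, []byte("original"), 0o644); err != nil {
		return
	}
	err = os.Symlink(filepath.Join("..", "target.txt"), filepath.Join(repo, "link"))
	return
}

func main() {
	base, _ := os.MkdirTemp("", "symlink-demo")
	defer os.RemoveAll(base)
	repo, target, err := setupDemo(base)
	if err != nil {
		panic(err)
	}
	_ = naiveWrite(repo, "link", []byte("attacker content")) // step 3 against the vulnerable write
	b, _ := os.ReadFile(target)
	fmt.Printf("outside file after naive write: %q\n", b)
	fmt.Println("hardened write:", safeWrite(repo, "link", []byte("x")))
	links, _ := escapingSymlinks(repo)
	fmt.Println("symlinks escaping the tree:", links)
}
```

The check resolves the parent directory with `EvalSymlinks` and then refuses a final component that is a symlink via `Lstat` rather than resolving it, because a link to a not-yet-existing file would otherwise pass a containment test and still be followed on create. A plain string-prefix comparison on the unresolved path is not enough: the committed link itself lives inside the repository, which is exactly why CVE-2025-8110 got past the earlier fix.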

The malware observed in these intrusions is assessed to be derived from Supershell, an open-source command-and-control (C2) framework commonly leveraged by China-nexus threat actors. Supershell can establish a reverse SSH shell back to attacker infrastructure, in this case to “119.45.176[.]196”.

Wiz observed that the operators exploiting CVE-2025-8110 did not clean up after themselves: the created repositories (for example, “IV79VAew / Km4zoh4s”) were left on the victim’s cloud workload instead of being deleted or made private post-compromise. This operational sloppiness indicates a fast, opportunistic “smash-and-grab” style campaign.

Across the internet, roughly 1,400 Gogs instances are exposed, and more than 700 show indicators of compromise, specifically repositories with random 8-character owner/repository combinations. All of the flagged repositories appear to have been created around July 10, 2025.

“This suggests that a single actor, or potentially a small cluster of actors using the same tooling, are responsible for all infections,” researchers Gili Tikochinski and Yaara Shriki said.

With no vendor patch available, SOC and platform teams should immediately disable open registration (the attack needs an authenticated account that can create a repository and call the API, so self-service sign-up hands that to anyone), restrict Gogs exposure to the public internet, and hunt across instances for repositories whose owner and name both follow the random 8-character pattern, checking creation dates against the July 2025 wave.

In parallel, Wiz reported that threat actors are increasingly abusing leaked GitHub Personal Access Tokens (PATs) as high-value initial access tokens into cloud environments, and then using them for cross-cloud lateral movement from GitHub into Cloud Service Provider (CSP) control planes.

The core risk is that an adversary with basic read privileges via a PAT can abuse GitHub's code search API to enumerate secret names embedded in workflow YAML definitions. Those names are not confidential in GitHub Actions: only the values are withheld, and any workflow in the repository can reference them by name. If the compromised PAT also has write permissions, the attacker can push a modified workflow that runs arbitrary code with those secrets in scope and then wipe evidence of the malicious run.

“Attackers leveraged compromised PATs to discover GitHub Action Secrets names in the codebase, and used them in newly created malicious workflows to execute code and obtain CSP secrets,” researcher Shira Ayal said. “Threat actors have also been observed exfiltrating secrets to a webhook endpoint they control, completely bypassing Action logs.”
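The enumeration step described above, as an added Go example that is not Wiz's or GitHub's code: it extracts every stored-secret name a workflow file references, which is exactly what an attacker with read access learns from code search and what a defender should inventory before deciding which secrets a leaked PAT put at risk. The workflow text is constructed for the demo, and the regular expression, function names and the `GITHUB_TOKEN` exclusion are this example's own choices.

```go
// Added example, not Wiz or GitHub code: inventory the secret names a workflow file exposes.
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// secretRef matches GitHub Actions expressions such as ${{ secrets.AWS_KEY }}; secret
// names are plain text in the workflow, only the values are withheld at run time.
var secretRef = regexp.MustCompile(`\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}`)

// secretNames returns the sorted, de-duplicated stored-secret names a workflow references.
// GITHUB_TOKEN is skipped: it is issued per run, not a secret an operator configured.
func secretNames(workflow string) []string {
	seen := map[string]bool{}
	for _, m := range secretRef.FindAllStringSubmatch(workflow, -1) {
		if m[1] != "GITHUB_TOKEN" {
			seen[m[1]] = true
		}
	}
	names := make([]string, 0, len(seen))
	for n := range seen {
		names = append(names, n)
	}
	sort.Strings(names)
	return names
}

// sampleWorkflow is constructed for this demo; it is not taken from any real repository.
const sampleWorkflow = `name: deploy
on: [push]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Configure AWS
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}}
        run: aws sts get-caller-identity
      - name: Notify
        run: curl -fsS -X POST "${{ secrets.DEPLOY_WEBHOOK }}" -d status=ok
      - name: Sanity check
        env:
          KEY: ${{ secrets.AWS_ACCESS_KEY_ID }}
        run: test -n "$KEY"
`

func main() {
	for _, n := range secretNames(sampleWorkflow) {
		fmt.Println(n)
	}
}
```

Run against every workflow under `.github/workflows/` in the repositories a leaked PAT could read, the output is the rotation list; the names themselves should be treated as public, and the controls that matter are PAT scope, write access to workflow files, and environment protection on the secrets that reach cloud control planes.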
