Hackers Hijack Unpatched Gogs Flaw, Compromising Hundreds of Servers
A critical zero-day vulnerability in Gogs, a widely-used Git platform, has left a vast number of servers vulnerable to remote attacks. This flaw, unpatched at the time of writing, has already been exploited to breach over 700 servers, and the impact could be far-reaching.
Gogs, a self-hosted Git service written in Go, is a popular alternative to GitLab and GitHub Enterprise. However, its very accessibility has made it a target. The vulnerability, tracked as CVE-2025-8110, is a path traversal issue in the PutContents API. This allows hackers to bypass previous security measures and access sensitive files outside the repository.
Here's the twist: While Gogs developers fixed a similar remote code execution bug (CVE-2024-55947) by validating path names, they overlooked the validation of symbolic links. This oversight allows attackers to create symbolic links to critical system files and overwrite them using the PutContents API. By targeting Git configuration files, hackers can execute arbitrary commands on the server.
Wiz Research uncovered this exploit in July while investigating a malware infection on a client's Gogs server. They found a staggering 1,400 Gogs servers exposed online, with 700+ showing signs of compromise. The attackers used automated tools to create repositories with random names, indicating a coordinated campaign.
And here's where it gets controversial: Many of these servers had 'Open Registration' enabled by default, making them an easy target. The malware used, created with Supershell, established reverse SSH shells, and communicated with a command-and-control server. Despite the researchers' prompt reporting, a patch is still in development, and a second wave of attacks has already been detected.
To protect against this threat, Gogs users should disable open registration and restrict server access. Checking for suspicious PutContents API usage and repositories with random names can help identify compromised instances. But the question remains: Is this enough to secure your server, or is there more to be done?
Breaking Down IAM Silos: A Practical Guide
Broken Identity and Access Management (IAM) isn't just an IT headache; it's a business-wide crisis. This guide delves into the challenges of traditional IAM practices, providing real-world examples and a strategic checklist for improvement.
Learn why companies like Bitpanda, KnowBe4, and PathAI had to rethink their IAM strategies and how you can avoid similar pitfalls. Discover what constitutes effective IAM and take the first steps towards a more scalable and secure approach.
