## https://sploitus.com/exploit?id=855BFE2B-DFFB-5111-8679-23592C624CD5
# CVE-2025-8110 โ Gogs Symlink Traversal โ RCE
## Overview
**CVE-2025-8110** is a critical vulnerability in [Gogs](https://gogs.io) (self-hosted Git service) versions ** os.symlink(target) -> git push)
4. **Write through symlink** โ `PUT /api/v1/repos/:owner/:repo/contents/:link` with base64-encoded content. Gogs resolves the symlink on disk and writes to the real file (PUT /api/v1/repos/.../contents/linkn_ame)
5. **Trigger RCE** โ RCE trigger depends on strategy (SSH login, cron execution, sshCommand evaluation, or hook execution)
## Options
```
target Gogs base URL (e.g. http://target:3000)
Authentication:
-u, --user Gogs username
-p, --password Gogs password
RCE Strategies:
--rce-keys PUBKEY Plant SSH pubkey โ /root/.ssh/authorized_keys
--rce-cron Reverse shell โ /etc/crontab
--rce-ssh Poison .git/config sshCommand + trigger
--rce-hook Overwrite pre-receive hook + trigger
--write Generic arbitrary file write
Connection / Payload:
--lhost LHOST Attacker IP for reverse shell
--lport LPORT Attacker port for reverse shell
--target-file PATH Server path to overwrite (--write mode)
--content STRING Content to write
--content-file FILE Local file to write
Options:
--repo NAME Repository name (default: random)
--cleanup Delete exploit repo after completion
-o, --output FILE Report file (default: loot.json)
--timeout SECONDS Request timeout (default: 15)
--proxy URL HTTP proxy for debugging
--check-only Only check if target is Gogs, don't exploit
```
## References
- [Wiz Research Blog](https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit)
- [NVD โ CVE-2025-8110](https://nvd.nist.gov/vuln/detail/CVE-2025-8110)
- [Gogs Patch PR #8078](https://github.com/gogs/gogs/pull/8078)
- [GHSA-mq8m-42gh-wq7r](https://github.com/advisories/GHSA-mq8m-42gh-wq7r)
## Disclaimer
This tool is provided for **authorized security testing and educational purposes only**. Unauthorized access to computer systems is illegal. The author takes no responsibility for misuse. Use only on systems you own or have explicit written permission to test.