Share
## https://sploitus.com/exploit?id=855BFE2B-DFFB-5111-8679-23592C624CD5
# CVE-2025-8110 โ€” Gogs Symlink Traversal โ†’ RCE

## Overview

**CVE-2025-8110** is a critical vulnerability in [Gogs](https://gogs.io) (self-hosted Git service) versions ** os.symlink(target) -> git push)
4. **Write through symlink** โ€” `PUT /api/v1/repos/:owner/:repo/contents/:link` with base64-encoded content. Gogs resolves the symlink on disk and writes to the real file (PUT /api/v1/repos/.../contents/linkn_ame) 
5. **Trigger RCE** โ€” RCE trigger depends on strategy (SSH login, cron execution, sshCommand evaluation, or hook execution) 

## Options

```
target                  Gogs base URL (e.g. http://target:3000)

Authentication:
  -u, --user            Gogs username
  -p, --password        Gogs password

RCE Strategies:
  --rce-keys PUBKEY     Plant SSH pubkey โ†’ /root/.ssh/authorized_keys
  --rce-cron            Reverse shell โ†’ /etc/crontab
  --rce-ssh             Poison .git/config sshCommand + trigger
  --rce-hook            Overwrite pre-receive hook + trigger
  --write               Generic arbitrary file write

Connection / Payload:
  --lhost LHOST         Attacker IP for reverse shell
  --lport LPORT         Attacker port for reverse shell
  --target-file PATH    Server path to overwrite (--write mode)
  --content STRING      Content to write
  --content-file FILE   Local file to write

Options:
  --repo NAME           Repository name (default: random)
  --cleanup             Delete exploit repo after completion
  -o, --output FILE     Report file (default: loot.json)
  --timeout SECONDS     Request timeout (default: 15)
  --proxy URL           HTTP proxy for debugging
  --check-only          Only check if target is Gogs, don't exploit
```

## References

- [Wiz Research Blog](https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit)
- [NVD โ€” CVE-2025-8110](https://nvd.nist.gov/vuln/detail/CVE-2025-8110)
- [Gogs Patch PR #8078](https://github.com/gogs/gogs/pull/8078)
- [GHSA-mq8m-42gh-wq7r](https://github.com/advisories/GHSA-mq8m-42gh-wq7r)

## Disclaimer

This tool is provided for **authorized security testing and educational purposes only**. Unauthorized access to computer systems is illegal. The author takes no responsibility for misuse. Use only on systems you own or have explicit written permission to test.