
CISA Adds Gogs Path Traversal Vulnerability (CVE-2025-8110) to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a path traversal vulnerability affecting Gogs (CVE-2025-8110) to its Known Exploited Vulnerabilities (KEV) catalog. Gogs is a self-hosted, lightweight, open-source Git service written in Go. The vulnerability, assigned a CVSS score of 8.7, could allow unauthorized access to sensitive files through path manipulation.

Path traversal vulnerabilities are dangerous because they can let attackers access files outside the intended directory, potentially exposing sensitive information or system files. The high CVSS score indicates a significant severity level, necessitating immediate attention from organizations using affected versions of Gogs.

The inclusion of this vulnerability in CISA's KEV catalog suggests that it is either being actively exploited or poses a substantial risk to organizations. However, the source article does not provide specific details on active exploitation or the exact date of addition to the catalog.

For cybersecurity professionals, the key action is to determine whether their organization is running a vulnerable version of Gogs and to apply the necessary patches or mitigations immediately. Monitoring systems for any signs of exploitation is also crucial. This development highlights the ongoing need for vigilance and prompt patching of known vulnerabilities, particularly those that can lead to unauthorized access to sensitive data.