Zero Day: 700 Instances of Self-Hosted Git Service Exploited


Unpatched Flaw in Open-Source Gogs Service Facilitates Remote Code Execution

Mathew J. Schwartz (euroinfosec) • December 11, 2025

An attacker has been exploiting a zero-day flaw in a popular, self-hosted Git service as part of apparently financially driven attacks, warned researchers.

The vulnerability, which remains unpatched, is present in the latest version of Gogs, a self-hosted Git service written in Go, and was discovered by researchers at cybersecurity firm Wiz. Many organizations use Gogs to self-host Git repositories on-premises or in the cloud - rather than with a service such as GitHub - and expose it to the internet to support use by distributed teams.

The Wiz researchers said that of 1,500 internet-facing instances of Gogs cataloged by the Shodan search engine, at least 700 show signs of having been exploited using a zero-day vulnerability now tracked as CVE-2025-8110. The ...


Copyright of this story solely belongs to bankinfosecurity.