CISA has mandated that U.S. government agencies patch a serious remote code execution vulnerability in Gogs, identified as CVE-2025-8110. This flaw, stemming from a path traversal issue, allows attackers to overwrite files outside the repository and execute arbitrary commands. Over 1,400 Gogs servers remain exposed, with a second wave of attacks observed recently.