CVE-2025-64111 – Gogs’s update .git/config file allows remote command execution

CVE ID : CVE-2025-64111

Published : Feb. 6, 2026, 4:58 p.m. | 21 minutes ago

Description : Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it’s still possible to update files in the .git directory and achieve remote command execution. This issue has been patched in versions 0.13.4 and 0.14.0+dev.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…