A severe flaw in Gogs, a lightweight self-hosted Git service, allows attackers to run commands remotely and skip two-factor authentication. This critical issue affects many organizations using Gogs for private code hosting. Vulnerability Overview Gogs versions up to 0.13.3 suffer from CVE-2025-64111, an OS command injection bug with a CVSS score of 9.3. It stems […] The post Critical Gogs Vulnerability Enables Remote Command Execution and 2FA Bypass appeared first on Cyber Security News.