Fact-check: The article is directly sourced from CISA's official alerts, which aligns with their established practices for managing the KEV Catalog, and the claims about the vulnerability addition are consistent with verified CISA operations in the Critical Infrastructure context. There are no apparent contradictions in current reporting or on X, making the information reliable. As an official government announcement, it is well-supported and not speculative.
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-8110, a path traversal vulnerability in Gogs, based on evidence of active exploitation. The catalog addition requires Federal Civilian Executive Branch agencies to remediate the vulnerability by a specified due date to protect federal networks. CISA also urges all organizations to prioritize remediation as part of their vulnerability management practices.