CVE-2025-22952

Critical CVSS: 9.8

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.

Vendor

Usememos

Product

Memos

CWE

CWE-918

Yayın Tarihi

2025-02-27 20:16:04

Güncelleme

2025-07-10 22:52:03

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-918 Memos CRITICAL Usememos 2025

Referanslar

https://elest.io/open-source/memos https://github.com/usememos/memos https://github.com/usememos/memos/issues/4413 https://github.com/usememos/memos/pull/4428 https://github.com/usememos/memos/issues/4413

Benzer Kayıtlar

High

CVE-2025-65795

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create…

Medium

CVE-2025-65797

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level priv…

Medium

CVE-2025-65799

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to e…

Medium

CVE-2025-65796

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reac…

Medium

CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or d…

High

CVE-2024-21635

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. Wh…