CVE-2025-65795

High CVSS: 7.5

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.

Vendor

Usememos

Product

Memos

CWE

CWE-284

Yayın Tarihi

2025-12-08 17:16:21

Güncelleme

2025-12-09 17:15:53

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Memos HIGH Usememos 2025

Referanslar

http://memos.com http://usememos.com https://github.com/usememos/memos/pull/5217 https://herolab.usd.de/usd-2025-0058/

Benzer Kayıtlar

Medium

CVE-2025-65797

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level priv…

Medium

CVE-2025-65799

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to e…

Medium

CVE-2025-65796

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reac…

Medium

CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or d…

High

CVE-2024-21635

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. Wh…

Medium

CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint co…