CVE-2025-65797

Medium CVSS: 6.5

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).

Vendor

Usememos

Product

Memos

CWE

CWE-284

Yayın Tarihi

2025-12-08 17:16:21

Güncelleme

2025-12-11 00:04:16

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Memos MEDIUM Usememos 2025

Referanslar

http://memos.com http://usememos.com https://github.com/usememos/memos/pull/5217 https://herolab.usd.de/security-advisories/usd-2025-0057/

Benzer Kayıtlar

High

CVE-2025-65795

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create…

Medium

CVE-2025-65799

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to e…

Medium

CVE-2025-65796

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reac…

Medium

CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or d…

High

CVE-2024-21635

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. Wh…

Medium

CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint co…