CVE-2025-65798

Medium CVSS: 5.4

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.

Vendor

Usememos

Product

Memos

CWE

CWE-284

Yayın Tarihi

2025-12-08 16:15:53

Güncelleme

2025-12-09 17:28:13

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Memos MEDIUM Usememos 2025

Referanslar

http://memos.com http://usememos.com https://github.com/usememos/memos/pull/5217 https://herolab.usd.de/security-advisories/usd-2025-0059/

Benzer Kayıtlar

High

CVE-2025-65795

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create…

Medium

CVE-2025-65797

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level priv…

Medium

CVE-2025-65799

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to e…

Medium

CVE-2025-65796

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reac…

High

CVE-2024-21635

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. Wh…

Medium

CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint co…