CVE-2025-65799

Medium CVSS: 4.3

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.

Vendor

Product

CWE

Yayın Tarihi

2025-12-08 17:16:21

Güncelleme

2025-12-09 17:15:32

Source Identifier

cve@mitre.org

KEV Date Added

CWE-73 Memos MEDIUM Usememos 2025

http://memos.com http://usememos.com https://github.com/usememos/memos/pull/5218 https://herolab.usd.de/security-advisories/usd-2025-0056/

High

CVE-2025-65795

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create…

Medium

CVE-2025-65797

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level priv…

Medium

CVE-2025-65796

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reac…

Medium

CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or d…

High

CVE-2024-21635

Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. Wh…

Medium

CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint co…