Home

Description

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.

PUBLISHED Reserved 2025-08-17 | Published 2025-09-03 | Updated 2025-09-04 | Assigner mitre

References

github.com/....24.4/server/router/api/v1/resource_service.go

www.sonarsource.com/...s-with-sonarqube-real-world-examples/

cve.org (CVE-2025-56760)

nvd.nist.gov (CVE-2025-56760)

Download JSON