Home

Description

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.

PUBLISHED Reserved 2025-11-18 | Published 2025-12-08 | Updated 2025-12-08 | Assigner mitre

References

memos.com

usememos.com

github.com/usememos/memos/pull/5217

herolab.usd.de/usd-2025-0058/

cve.org (CVE-2025-65795)

nvd.nist.gov (CVE-2025-65795)

Download JSON