CVE-2025-65797 | THREATINT

Description

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).

PUBLISHED Reserved 2025-11-18 | Published 2025-12-08 | Updated 2025-12-08 | Assigner mitre

References

memos.com

usememos.com

github.com/usememos/memos/pull/5217

herolab.usd.de/security-advisories/usd-2025-0057/

cve.org (CVE-2025-65797)

nvd.nist.gov (CVE-2025-65797)

Download JSON