Home

Description

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.

PUBLISHED Reserved 2025-11-18 | Published 2025-12-08 | Updated 2025-12-08 | Assigner mitre

References

memos.com

usememos.com

github.com/usememos/memos/pull/5218

herolab.usd.de/security-advisories/usd-2025-0056/

cve.org (CVE-2025-65799)

nvd.nist.gov (CVE-2025-65799)

Download JSON