VDB
CVE-2025-65798
CVE-2025-65798
PUBLISHED
CVSS 5.400000095367432 MEDIUM
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.
EPSS 0.04% · 13.3th percentile
Risk Scores
CVSS v3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.04%
13.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | usememos/memos | 0 |
| n/a | n/a | n/a |
| usememos | memos | 0.25.2 |
Timeline
- Nov 18, 2025 CVE ID Reserved
- Dec 8, 2025 CVE Published
- Dec 8, 2025 CVE Updated
- Dec 9, 2025 EPSS Score
- Dec 13, 2025 EPSS Score
- Dec 17, 2025 EPSS Score
- Dec 22, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 30, 2025 EPSS Score
- Jan 3, 2026 EPSS Score
- Jan 7, 2026 EPSS Score
- Jan 11, 2026 EPSS Score
References
- http://memos.com url
- http://usememos.com url
- https://github.com/usememos/memos/pull/5217 url
- https://herolab.usd.de/security-advisories/usd-2025-0059/ url
- https://nvd.nist.gov/vuln/detail/CVE-2025-65798 advisory
- https://github.com/usememos/memos/commit/769dcd0cf9be83d472829f6e7903b201e42f6b3c url
- https://github.com/advisories/GHSA-8p44-g572-557h advisory
- https://github.com/usememos/memos package
- https://herolab.usd.de/security-advisories/usd-2025-0059 url