VDB
CVE-2025-65799
CVE-2025-65799
PUBLISHED
CVSS 4.300000190734863 MEDIUM
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
EPSS 0.05% · 14.6th percentile
Risk Scores
CVSS v3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.05%
14.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| github.com | usememos/memos | 0 |
| usememos | memos | 0.25.2 |
Timeline
- Dec 8, 2025 CVE Published
- Dec 8, 2025 PoC Published
- Dec 9, 2025 EPSS Score
- Dec 13, 2025 EPSS Score
- Dec 17, 2025 CVE Updated
- Dec 17, 2025 EPSS Score
- Dec 22, 2025 EPSS Score
- Dec 26, 2025 EPSS Score
- Dec 30, 2025 EPSS Score
- Jan 3, 2026 EPSS Score
- Jan 7, 2026 EPSS Score
- Jan 11, 2026 EPSS Score
References
- http://memos.com url
- http://usememos.com url
- https://github.com/usememos/memos/pull/5218 url
- https://herolab.usd.de/security-advisories/usd-2025-0056/ url
- https://nvd.nist.gov/vuln/detail/CVE-2025-65799 advisory
- https://github.com/usememos/memos/commit/5f57f48673e2054f404b2c5b497a8eaa3690591d url
- https://github.com/advisories/GHSA-qgjp-5g5x-vhq2 advisory
- https://github.com/usememos/memos package
- https://herolab.usd.de/security-advisories/usd-2025-0056 url