CVE Catalog

CVE-2025-65797

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile - higher than 20% of all known CVEs

Summary

An incorrect access control vulnerability in the Identity Provider service of usememos memos v0.25.2 allows low-privileged attackers to arbitrarily modify or delete registered identity providers. This can lead to account takeover or Denial of Service (DoS).

Risk Assessment

The risk includes unauthorized account takeover and disruption of authentication services, potentially leading to data loss and system unavailability.

Recommendation

Immediately update to the latest version of memos and implement role-based access control (RBAC) for the Identity Provider service.

Original NVD description (English source)

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS