CVE Catalog

CVE-2025-65799

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile - higher than 12% of all known CVEs

Summary

In the Attachment service of usememos memos v0.25.2, a lack of file name validation allows attackers to perform a path traversal. This vulnerability enables access to files outside the intended directory.

Risk Assessment

An attacker can read sensitive system or configuration files, leading to data leakage and potential compromise of the application.

Recommendation

Immediately update to the latest version of memos that includes a fix for file name validation. In the meantime, restrict access to the Attachment service to trusted users only.

Original NVD description (English source)

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS