Moderate severityNVD Advisory· Published Feb 27, 2025· Updated Mar 3, 2025
CVE-2025-22952
CVE-2025-22952
Description
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/usememos/memosGo | <= 0.24.0 | — |
Affected products
3- elestio/memosdescription
- ghsa-coords2 versionspkg:golang/github.com/usememos/memospkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
<= 0.24.0+ 1 more
- (no CPE)range: <= 0.24.0
- (no CPE)range: < 0.0.20250312T181707-1.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-wfxg-v3j4-7qmjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-22952ghsaADVISORY
- elest.io/open-source/memosghsaWEB
- github.com/usememos/memos/commit/f17774cb3b9612495d89576a91ab3480018cb0b6ghsaWEB
- github.com/usememos/memos/commit/f8c973c938742827baaf6665cfe66805dc8e8d02ghsaWEB
- github.com/usememos/memos/issues/4413ghsaWEB
- github.com/usememos/memos/pull/4421ghsaWEB
- github.com/usememos/memos/pull/4428ghsaWEB
News mentions
1- ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New StoriesThe Hacker News · Apr 23, 2026