Moderate severityOSV Advisory· Published Dec 8, 2025· Updated Dec 8, 2025
CVE-2025-65796
CVE-2025-65796
Description
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/usememos/memosGo | < 0.25.3 | 0.25.3 |
Affected products
3- ghsa-coords2 versionspkg:golang/github.com/usememos/memospkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
< 0.25.3+ 1 more
- (no CPE)range: < 0.25.3
- (no CPE)range: < 0.0.20251230T014957-150000.1.134.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-8jcj-g9f4-qx42ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-65796ghsaADVISORY
- memos.comghsaWEB
- usememos.comghsaWEB
- github.com/usememos/memos/commit/769dcd0cf9be83d472829f6e7903b201e42f6b3cghsaWEB
- github.com/usememos/memos/pull/5217ghsaWEB
- herolab.usd.de/security-advisories/usd-2025-0060ghsaWEB
- herolab.usd.de/security-advisories/usd-2025-0060/mitre
News mentions
0No linked articles in our index yet.