Moderate severity · OSV Advisory · Published Dec 8, 2025 · Updated Dec 8, 2025
CVE-2025-65797
Description
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/usememos/memos (Go) | < 0.25.3 | 0.25.3 |
Affected products
- ghsa-coords (2 versions): pkg:golang/github.com/usememos/memos, pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6; range: < 0.25.3 (+ 1 more)
- (no CPE), range: < 0.25.3
- (no CPE), range: < 0.0.20251230T014957-150000.1.134.1
References
- github.com/advisories/GHSA-99m2-qwx6-2w6f (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-65797 (ghsa, ADVISORY)
- memos.com (ghsa, WEB)
- usememos.com (ghsa, WEB)
- github.com/usememos/memos/commit/769dcd0cf9be83d472829f6e7903b201e42f6b3c (ghsa, WEB)
- github.com/usememos/memos/pull/5217 (ghsa, WEB)
- herolab.usd.de/security-advisories/usd-2025-0057 (ghsa, WEB)
- herolab.usd.de/security-advisories/usd-2025-0057/mitre