Moderate severity · OSV Advisory · Published Dec 8, 2025 · Updated Dec 8, 2025
CVE-2025-65799
Description
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/usememos/memos (Go) | < 0.25.3 | 0.25.3 |
Affected products
- ghsa-coords (2 versions): pkg:golang/github.com/usememos/memos, pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
- (no CPE) range: < 0.25.3
- (no CPE) range: < 0.0.20251230T014957-150000.1.134.1
References
- github.com/advisories/GHSA-qgjp-5g5x-vhq2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-65799 (ghsa, ADVISORY)
- memos.com (ghsa, WEB)
- usememos.com (ghsa, WEB)
- github.com/usememos/memos/commit/5f57f48673e2054f404b2c5b497a8eaa3690591d (ghsa, WEB)
- github.com/usememos/memos/pull/5218 (ghsa, WEB)
- herolab.usd.de/security-advisories/usd-2025-0056 (ghsa, WEB)
- herolab.usd.de/security-advisories/usd-2025-0056/mitre