CVE-2025-65797
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
An incorrect access control vulnerability in the Identity Provider service of usememos memos v0.25.2 allows low-privileged attackers to arbitrarily modify or delete registered identity providers. This can lead to account takeover or Denial of Service (DoS).
Risk Assessment
The risk includes unauthorized account takeover and disruption of authentication services, potentially leading to data loss and system unavailability.
Recommendation
Immediately update to the latest version of memos and implement role-based access control (RBAC) for the Identity Provider service.
Original NVD description (English source)
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).

