CVE Catalog

CVE-2025-65798

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

In usememos memos version 0.25.2, incorrect access control allows attackers with low-level privileges to arbitrarily modify or delete attachments created by other users.

Risk Assessment

The organization faces data integrity loss and potential confidentiality breaches, as attackers can manipulate other users' attachments, potentially leading to leakage or destruction of important information.

Recommendation

Immediately update usememos memos to the latest version containing a fix for this vulnerability, and review and adjust access permissions for attachments.

Original NVD description (English source)

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS