CVE-2025-65799
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
In the Attachment service of usememos memos v0.25.2, a lack of file name validation allows attackers to perform a path traversal. This vulnerability enables access to files outside the intended directory.
Risk Assessment
An attacker can read sensitive system or configuration files, leading to data leakage and potential compromise of the application.
Recommendation
Immediately update to the latest version of memos that includes a fix for file name validation. In the meantime, restrict access to the Attachment service to trusted users only.
Original NVD description (English source)
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.

