CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.6%

CVSS Severity

CVSS v3 Score 4.3

References

https://github.com/usememos/memos/blob/v0.24.4/server/router/api/v1/resource_service.go#L48
https://www.sonarsource.com/blog/securing-go-applications-with-sonarqube-real-world-examples/

Products affected by CVE-2025-56760

Usememos » Memos » Version: 0.22.0

cpe:2.3:a:usememos:memos:0.22.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-56760

Products

Pricing

Contact Us