Usememos: community verdicts
5 notable / known-exploited Usememos CVEs the community has triaged.
- CVE-2025-65797MED 6.5EPSS 0%
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).
- CVE-2025-65795HIGH 7.5Real · low riskEPSS 0%
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.
- CVE-2025-65799MED 4.3EPSS 0%
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
- CVE-2025-65796MED 4.3EPSS 0%
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.
- CVE-2025-65798MED 5.4EPSS 0%
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.