CVE-2025-56760

4.3 MEDIUM

📋 TL;DR

This vulnerability allows an authenticated user to write files to locations outside the intended storage directory when Memos 0.22 is configured with local storage. The filename supplied to the CreateResource endpoint is used to build the on-disk path without rejecting path traversal sequences such as `../`, so an attacker can escape the storage directory and write anywhere the Memos process user has write access, compromising server integrity. Only Memos instances configured for local storage are affected; database and external (S3-compatible) storage do not use this code path.

💻 Affected Systems

Products:
  • Memos
Versions: 0.22 is the version named in the advisory; other pre-fix releases that share the same upload code path may also be affected (not confirmed)
Operating Systems: All platforms running Memos
Default Config Vulnerable: No
Notes: Only vulnerable when configured to store objects locally (not using external storage like S3)

📦 What is this software?

Memos (usememos/memos) is an open-source, self-hosted note-taking service written in Go. Users can attach files ("resources") to notes; the CreateResource API endpoint handles those uploads, and the administrator chooses whether uploaded objects are stored in the database, on the local filesystem, or in S3-compatible object storage.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise. File writes happen with the privileges of the Memos process; if it runs as root (common in container images) or the traversal reaches a location that user can write, the attacker can overwrite critical system or application files, plant a backdoor, or drop a file that a scheduled job or the application later executes.

🟠 Likely Case

Defacement of the Memos application, data corruption, or denial of service by overwriting application files.

🟢 If Mitigated

Limited to writing files within the application's data directory once filenames are properly validated.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: MEDIUM

Requires an authenticated account that can call the CreateResource endpoint, and a target instance configured for local storage (the attacker does not need to know the storage directory, since `../` sequences climb relative to it)

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.24.4 or later

Vendor Reference (patched source of the resource handler, not a formal advisory): https://github.com/usememos/memos/blob/v0.24.4/server/router/api/v1/resource_service.go#L48

Restart Required: Yes (upgrading replaces the running binary or container, so the service is restarted as part of the update)

Instructions:

1. Back up the Memos database and the local storage directory.
2. Update to Memos version 0.24.4 or later.
3. Verify the fix: confirm the running version, then check on a test upload that a filename containing path traversal sequences is rejected or stored under a sanitized name inside the storage directory.

🔧 Temporary Workarounds

Switch to external storage (all platforms)

Configure Memos to use external object storage (S3, MinIO or another S3-compatible service) instead of local storage.

In the admin storage settings, change the storage type from local to S3-compatible storage. Uploads are then written to the bucket rather than assembled into a local filesystem path, which removes the traversal sink. Existing locally stored resources stay on disk; the setting affects new uploads.

Input validation in front of the upload handler (all platforms)

Reject upload filenames that contain a path separator (`/` or `\`), a `..` path element, or percent-encoded forms of these (`%2e%2e`, `%2f`, `%5c`) before they reach CreateResource.

Enforce this in a reverse proxy or WAF rule on requests to the CreateResource endpoint, or, if you build Memos from source, in the resource upload handler itself by accepting only a single path element as the filename.
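The following Go example is added here for illustration; it is not Memos' code, and the function names and the storage directory `/var/opt/memos/assets` are assumptions. It contrasts the bug class behind the TL;DR with the check the workaround above calls for: the vulnerable helper joins the client-supplied filename straight onto the storage directory, so `filepath.Join` cleans `../../../../etc/passwd` into `/etc/passwd` without complaint; the safe helper accepts only a single path element and then re-verifies that the resulting path is still under the base directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafeFilename is returned for a client-supplied filename that would
// leave the storage directory or is not a plain file name.
var ErrUnsafeFilename = errors.New("unsafe filename")

// vulnerableLocalPath reproduces the bug class (hypothetical code, not the
// Memos handler): the upload filename is joined onto the local storage
// directory unchecked. filepath.Join cleans "a/../b" into "b" but never
// refuses to climb above baseDir, so "../../../../etc/passwd" becomes
// "/etc/passwd".
func vulnerableLocalPath(baseDir, filename string) string {
	return filepath.Join(baseDir, filename)
}

// safeLocalPath accepts only a single path element (no "/" or "\", no ".",
// no "..", no NUL byte) and then re-checks that the joined path is still
// under baseDir.
func safeLocalPath(baseDir, filename string) (string, error) {
	if filename == "" || filename == "." || filename == ".." {
		return "", ErrUnsafeFilename
	}
	// Reject both separators: a backslash is a separator on Windows, and an
	// upload name never legitimately carries a directory component.
	if strings.ContainsAny(filename, `/\`) || strings.ContainsRune(filename, 0) {
		return "", ErrUnsafeFilename
	}
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	full := filepath.Join(base, filename)
	// Defence in depth: even if the checks above are loosened later, refuse
	// any result whose path relative to base climbs out of it.
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafeFilename
	}
	return full, nil
}

func main() {
	base := "/var/opt/memos/assets" // assumed local storage directory
	for _, name := range []string{"photo.png", "../../../../etc/passwd", `..\..\memos.db`} {
		fmt.Printf("vulnerable: %q -> %s\n", name, vulnerableLocalPath(base, name))
		if p, err := safeLocalPath(base, name); err != nil {
			fmt.Printf("safe:       %q -> rejected (%v)\n", name, err)
		} else {
			fmt.Printf("safe:       %q -> %s\n", name, p)
		}
	}
}
```

Rejecting separators outright is stricter than stripping `..` segments, but it is the right policy for an upload endpoint: the client only ever needs to name a file, never a directory, and a sanitize-by-rewriting approach tends to be bypassed by encodings the rewriter did not anticipate.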

🧯 If You Can't Patch

  • Run Memos as an unprivileged user with write access only to its data directory, so a traversal write cannot reach system or application files
  • Deploy a WAF or reverse-proxy rule in front of the CreateResource endpoint that blocks filenames containing path separators or `..` sequences, including their percent-encoded forms

🔍 How to Verify

Check if Vulnerable:

Check if running Memos version 0.22 with local storage configuration

Check Version:

Check Memos version in web interface or configuration files

Verify Fix Applied:

On a test instance with local storage (not production), upload a file whose name contains a traversal sequence aimed at a harmless marker location, for example `../traversal-check.txt`, and confirm that the request is rejected or that the file lands inside the storage directory under a sanitized name rather than one level above it. Do not target system files such as `/etc/passwd`: a successful write there damages the host.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation patterns
  • Requests with path traversal sequences in filenames
  • Failed file write attempts outside expected directories

Network Indicators:

  • HTTP POST requests to CreateResource endpoint with suspicious filenames

SIEM Query:

source="memos" AND (filename="*../*" OR filename="*..\\*" OR filename="*%2e%2e*" OR filename="*%2f*" OR filename="*%5c*")

Run the match against the URL-decoded filename where your platform supports it; otherwise include the percent-encoded variants as above, since the plain `../` pattern alone misses encoded and double-encoded requests. Scope the rule to POST requests on the CreateResource endpoint to keep resource reads from triggering it.
