CVE-2025-65798

5.4 MEDIUM

📋 TL;DR

An incorrect access control vulnerability (missing object-level authorization) in usememos memos v0.25.2 allows any authenticated user, including accounts with low-level privileges, to modify or delete attachments uploaded by other users. It affects every deployment running the vulnerable version in which more than one account can log in. The vulnerability stems from improper authorization checks on attachment operations: the server confirms that the caller is logged in but does not adequately verify that the caller is allowed to act on the specific attachment being changed.

💻 Affected Systems

Products:
  • usememos memos
Versions: v0.25.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments with multiple user accounts, where a low-privilege user has someone else's attachments to target. Single-user installations have no other user's attachments to tamper with and are not exposed in practice, but should still be patched before any additional accounts are created.

📦 What is this software?

memos (usememos/memos) is an open-source, self-hosted note-taking service with a web front-end and an HTTP API. Notes can carry uploaded file attachments; the handling of those attachments is the feature affected here.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious low-privilege users could delete or modify critical attachments uploaded by administrators or other users, potentially causing data loss, service disruption, or unauthorized content modification.

🟠

Likely Case

Low-privilege users, deliberately or by mistake, modifying or deleting attachments that belong to other users in the same organization, leading to data-integrity problems and operational disruption.

🟢

If Mitigated

Minimal impact with proper access controls and monitoring in place, though an unpatched instance still lets any authenticated account act on attachments it does not own.

🌐 Internet-Facing: MEDIUM - While exploitation requires authentication, internet-facing instances are exposed to a wider pool of potential attackers who could obtain low-privilege accounts.
🏢 Internal Only: MEDIUM - Internal users with legitimate low-level access could exploit this vulnerability, though the attack surface is more limited than internet-facing deployments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with any valid user account; no elevated role is needed. Because the flaw is in the authorization logic rather than in input handling, exploitation is straightforward once authenticated: the attacker issues an ordinary modify or delete request for an attachment ID that belongs to someone else.
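The following Go example illustrates the class of bug described above: a mutation handler that checks only that the caller is authenticated, beside one that loads the attachment and compares its owner to the caller before acting. This is added example code, not memos' own code; the types, store and error values are assumed for the illustration and do not correspond to memos' internals.

```go
package main

import (
	"errors"
	"fmt"
)

// Illustrative ownership model, assumed for this example (not memos' types):
// the point is where the object-level check sits, not the data layout.
type Role int

const (
	RoleUser Role = iota
	RoleAdmin
)

type User struct {
	ID   int
	Role Role
}

type Attachment struct {
	ID      int
	OwnerID int
	Name    string
}

var (
	ErrUnauthorized = errors.New("authentication required")
	ErrNotFound     = errors.New("attachment not found")
	ErrForbidden    = errors.New("caller may not act on this attachment")
)

type Store struct{ attachments map[int]*Attachment }

func NewStore(atts ...Attachment) *Store {
	s := &Store{attachments: map[int]*Attachment{}}
	for _, a := range atts {
		a := a
		s.attachments[a.ID] = &a
	}
	return s
}

// DeleteVulnerable shows the flawed pattern: the handler checks that
// *someone* is logged in, then acts on whatever ID the client supplied
// without asking whether the caller owns it.
func (s *Store) DeleteVulnerable(caller *User, id int) error {
	if caller == nil {
		return ErrUnauthorized
	}
	if _, ok := s.attachments[id]; !ok {
		return ErrNotFound
	}
	delete(s.attachments, id)
	return nil
}

// authorize is the object-level check the vulnerable path lacks: the
// attachment has already been loaded, and its owner is compared to the
// caller. Admins pass; everyone else must own the object.
func authorize(caller *User, a *Attachment) error {
	if caller == nil {
		return ErrUnauthorized
	}
	if caller.Role == RoleAdmin || a.OwnerID == caller.ID {
		return nil
	}
	return ErrForbidden
}

// DeleteFixed and RenameFixed route every mutation through authorize, so the
// check cannot be present on one code path and forgotten on another.
func (s *Store) DeleteFixed(caller *User, id int) error {
	a, ok := s.attachments[id]
	if !ok {
		return ErrNotFound
	}
	if err := authorize(caller, a); err != nil {
		return err
	}
	delete(s.attachments, id)
	return nil
}

func (s *Store) RenameFixed(caller *User, id int, name string) error {
	a, ok := s.attachments[id]
	if !ok {
		return ErrNotFound
	}
	if err := authorize(caller, a); err != nil {
		return err
	}
	a.Name = name
	return nil
}

// Exists reports whether an attachment is still present.
func (s *Store) Exists(id int) bool { _, ok := s.attachments[id]; return ok }

func main() {
	mallory := &User{ID: 3, Role: RoleUser}
	// Attachment 10 belongs to user 1 (an admin); mallory is an ordinary user.
	s := NewStore(Attachment{ID: 10, OwnerID: 1, Name: "policy.pdf"})
	fmt.Println("vulnerable delete by non-owner:", s.DeleteVulnerable(mallory, 10)) // <nil>: deleted
	s = NewStore(Attachment{ID: 10, OwnerID: 1, Name: "policy.pdf"})
	fmt.Println("fixed delete by non-owner:", s.DeleteFixed(mallory, 10)) // forbidden
	fmt.Println("attachment still present:", s.Exists(10))
}
```

The design point is that the authorization decision needs the object's owner, so the object must be loaded before the check; an "is the caller logged in" guard at the top of the handler can never make that decision. A production API may choose to return not-found instead of forbidden for non-owned IDs to avoid confirming which IDs exist; the two errors are kept distinct here for clarity.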

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.25.3 or later

Vendor Advisory: https://github.com/usememos/memos/pull/5217 (upstream fix pull request; no separate advisory text is linked here)

Restart Required: Yes

Instructions:

1. Back up the memos database and configuration (and the attachment storage directory, if attachments are kept on disk rather than in the database).
2. Stop the memos service.
3. Update to v0.25.3 or later using your deployment method (Docker image tag, binary, etc.).
4. Restart the memos service.
5. Verify the update was successful (see "How to Verify" below).

🔧 Temporary Workarounds

Restrict user permissions

Applies to: all

Until patching is complete, limit what low-privilege accounts can do: disable or remove accounts you do not trust and hold off on creating new ones, since any authenticated account can exploit this.

Implement external access controls

Applies to: all

Use reverse proxy or web application firewall rules to block (or restrict to administrator source addresses) the HTTP methods that modify or delete attachments on the attachment API paths used by your version, for example by allowing only GET and HEAD there. This removes legitimate users' ability to edit their own attachments until the patch is applied.

🧯 If You Can't Patch

  • Treat every authenticated account as able to modify or delete any attachment: keep the user base small and trusted, and keep current backups of the database and attachment storage so tampered or deleted files can be restored
  • Regularly audit attachment access logs and alert on modifications or deletions performed by an account other than the attachment's uploader

🔍 How to Verify

Check if Vulnerable:

Check if running memos v0.25.2 by examining the version in the web interface or checking the deployment configuration.

Check Version:

Check the web interface, or for Docker run: docker inspect --format '{{.Config.Image}}' <memos-container> (shows the image tag); otherwise check the application startup logs for version information.

Verify Fix Applied:

After updating, verify the version shows v0.25.3 or later and, using a low-privilege test account, confirm that attempts to modify or delete an attachment uploaded by another user are rejected with a permission-denied error rather than applied.

📡 Detection & Monitoring

Log Indicators:

  • Modification or deletion of an attachment by an account other than the one that uploaded it
  • Attachment DELETE/PATCH/PUT requests from low-privilege users targeting other users' files, in particular bursts across many attachment IDs (enumeration)

Network Indicators:

  • Mutating HTTP requests (PUT/PATCH/DELETE) to attachment endpoints at the reverse proxy from sessions or source addresses not associated with administrators, or where the acting user differs from the attachment's uploader

SIEM Query:

source="memos" AND (event="attachment_modify" OR event="attachment_delete") AND user_privilege="low" AND target_user!=current_user

Field names above are illustrative; map them onto the audit or reverse-proxy log schema your deployment actually produces, joining the acting user to their role and the attachment ID to its uploader where the raw log lacks those fields.
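The SIEM query above assumes the log already carries the actor's privilege level and the target's owner; in practice those come from two lookups. The Go program below is an added example (not memos' code or log format) that runs the same detection over a constructed newline-delimited JSON sample: the event shape, the role table and the attachment-to-uploader table are all assumed here and would be populated from your own logs and the memos database.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Event is a constructed audit-record shape for this example; memos does not
// necessarily emit records in this form. Map your own application or
// reverse-proxy log fields onto it.
type Event struct {
	Time         string `json:"time"`
	Actor        int    `json:"actor"`
	Action       string `json:"action"` // attachment_read | attachment_modify | attachment_delete
	AttachmentID int    `json:"attachment"`
}

type Alert struct {
	Event  Event
	Owner  int // 0 when the attachment is not in the inventory
	Reason string
}

// Constructed sample log (not real memos output). Actors 2 and 3 are ordinary
// users; actor 1 is an admin. Attachments 10, 11, 12 belong to 1, 2, 3.
const sampleLog = `{"time":"2025-11-01T10:00:00Z","actor":2,"action":"attachment_delete","attachment":12}
{"time":"2025-11-01T10:00:05Z","actor":3,"action":"attachment_modify","attachment":12}
{"time":"2025-11-01T10:00:09Z","actor":1,"action":"attachment_delete","attachment":11}
{"time":"2025-11-01T10:00:12Z","actor":3,"action":"attachment_read","attachment":10}
{"time":"2025-11-01T10:00:15Z","actor":3,"action":"attachment_modify","attachment":10}
{"time":"2025-11-01T10:00:20Z","actor":2,"action":"attachment_delete","attachment":99}`

// Constructed lookup tables. In a real pipeline these are exported from the
// memos database (user roles and attachment uploaders).
var sampleRoles = map[int]string{1: "admin", 2: "user", 3: "user"}
var sampleOwners = map[int]int{10: 1, 11: 2, 12: 3}

// parseEvents reads newline-delimited JSON, skipping blank lines and failing
// on the first malformed record so truncated logs are noticed, not ignored.
func parseEvents(raw string) ([]Event, error) {
	var out []Event
	for i, line := range strings.Split(raw, "\n") {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		var e Event
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			return nil, fmt.Errorf("line %d: %w", i+1, err)
		}
		out = append(out, e)
	}
	return out, nil
}

// detect is the SIEM query as code, with the two joins the query glosses
// over: actor -> role and attachment -> uploader. Mutations of attachments
// missing from the inventory are flagged too, since the inventory export and
// the log should agree.
func detect(events []Event, roles map[int]string, owners map[int]int) []Alert {
	var alerts []Alert
	for _, e := range events {
		if e.Action != "attachment_modify" && e.Action != "attachment_delete" {
			continue
		}
		owner, known := owners[e.AttachmentID]
		if !known {
			alerts = append(alerts, Alert{Event: e, Reason: "mutation of attachment not in inventory"})
			continue
		}
		if roles[e.Actor] == "admin" || owner == e.Actor {
			continue // admins and uploaders are expected to do this
		}
		alerts = append(alerts, Alert{Event: e, Owner: owner, Reason: "non-admin acting on another user's attachment"})
	}
	return alerts
}

func main() {
	events, err := parseEvents(sampleLog)
	if err != nil {
		panic(err)
	}
	for _, a := range detect(events, sampleRoles, sampleOwners) {
		fmt.Printf("%s actor=%d %s attachment=%d owner=%d: %s\n",
			a.Event.Time, a.Event.Actor, a.Event.Action, a.Event.AttachmentID, a.Owner, a.Reason)
	}
}
```

On the sample data this raises three alerts: user 2 deleting user 3's attachment, user 3 modifying the admin's attachment, and a delete of an attachment ID the inventory has never seen. Reads and actions by the uploader or an admin are left alone. An unknown actor has no role entry and is treated as non-admin, which is the safe default.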
