CVE-2025-65799

CVSS 4.3 (MEDIUM)

📋 TL;DR

CVE-2025-65799 is a path traversal vulnerability in usememos/memos v0.25.2: a crafted path sent to the Attachment service lets an attacker read files outside the directory attachments are meant to be served from. Every deployment running the vulnerable version with the Attachment service in use is affected, and any file readable by the memos service account may be exposed.

💻 Affected Systems

Products:
  • usememos memos
Versions: v0.25.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments using the Attachment service feature.

📦 What is this software?

Memos (usememos/memos) is an open-source, self-hosted note-taking service written in Go with a web front end, commonly deployed as a single Docker container. Notes can carry file attachments; the Attachment service is the component that stores and serves those files, which is why the traversal matters only for deployments that use it.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers read arbitrary files readable by the memos service account, including the memos database or configuration, environment or secret files, and credentials for other systems, and use them to pivot into further compromise of the host or neighbouring services.

🟠

Likely Case

Attackers access application configuration files or other sensitive data stored in predictable locations, potentially enabling further attacks.

🟢

If Mitigated

With the service account confined to the directories it actually needs, exposure is limited to files that account can read; the flaw gives no write or code-execution capability on its own.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the ability to reach the Attachment service endpoint as a user the application already accepts; no authentication bypass is involved, but none is needed beyond that ordinary access.
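To make the bug class concrete, here is an added example (not code from the memos project, and not a reproduction of the fixed function) showing the vulnerable join pattern next to a hardened one in Go, the language memos is written in. The storage root and the file names are hypothetical; the point is that `filepath.Join` cleans `..` segments rather than rejecting them, so a name such as `../../../../etc/passwd` silently resolves outside the root unless the result is checked afterwards.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a caller-supplied name would resolve outside the storage root.
var ErrTraversal = errors.New("attachment path escapes storage root")

// unsafeAttachmentPath is the vulnerable pattern: an untrusted name is joined onto the
// storage root and used as-is. filepath.Join cleans the result, so "../../../../etc/passwd"
// collapses to a path outside root instead of being rejected.
func unsafeAttachmentPath(root, name string) string {
	return filepath.Join(root, name)
}

// safeAttachmentPath joins the name onto root and then proves the result is still inside
// root by computing the relative path back from root: a result of "." (the root itself),
// ".." or anything starting with "../" has escaped. Empty names, absolute names and NUL
// bytes are refused outright.
func safeAttachmentPath(root, name string) (string, error) {
	if name == "" || strings.ContainsRune(name, 0) || filepath.IsAbs(name) {
		return "", ErrTraversal
	}
	cleanRoot := filepath.Clean(root)
	full := filepath.Join(cleanRoot, name)
	rel, err := filepath.Rel(cleanRoot, full)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return full, nil
}

func main() {
	root := "/var/opt/memos/assets" // hypothetical storage root
	for _, name := range []string{"2025/photo.png", "notes..txt", "../../../../etc/passwd", "..", "/etc/passwd", "a/../../x"} {
		got, err := safeAttachmentPath(root, name)
		fmt.Printf("%-26q unsafe=%-40q safe=%q err=%v\n", name, unsafeAttachmentPath(root, name), got, err)
	}
}
```

The `Rel` check is a pure string check: it does not follow symlinks that already exist inside the root, and on Windows a backslash is a separator, so the same containment test must run on the platform that serves the files. Go 1.24 added `os.Root`, which enforces the same containment at the OS level, symlinks included, and is the better choice for new code.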

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.25.3 or later

Vendor Advisory (fix PR): https://github.com/usememos/memos/pull/5218

Restart Required: Yes

Instructions:

1. Back up your memos data.
2. Stop the memos service.
3. Update to v0.25.3 or later using your deployment method (Docker, binary, etc.).
4. Restart the memos service.
5. Verify the update was successful.

🔧 Temporary Workarounds

Disable Attachment Service (platform: all)

Temporarily disable the Attachment service feature if it is not required: modify the configuration to disable file uploads/attachments. This removes the vulnerable code path entirely and is the more reliable of the two workarounds.

Implement Web Application Firewall Rules (platform: all)

Block path traversal patterns in requests to the Attachment service: configure the WAF to reject requests containing '../', '..\\' or similar traversal sequences. Match on the decoded request path and include percent-encoded (%2e%2e%2f, ..%2f) and double-encoded (%252e%252e%252f) variants, case-insensitively; a rule that only matches the literal '../' is easily bypassed. Treat this as a stopgap, not a fix.

🧯 If You Can't Patch

  • Restrict file system permissions for the memos service account to minimal required directories
  • Implement network segmentation to limit access to the memos service to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check if running usememos memos v0.25.2 and using the Attachment service feature

Check Version:

docker exec memos-container memos version (substitute your container name), or check the About page in the web interface.

Verify Fix Applied:

Verify that the running version is v0.25.3 or later, then confirm that a request to the Attachment service with a path containing traversal sequences is rejected rather than served.
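For a fleet check, here is an added example (not part of the page or the memos project) that queries each instance for its version and reports whether the fix release named above is present. It assumes memos exposes its version at `GET /api/v1/workspace/profile` as a JSON object with a `version` field, which is taken from the memos v1 API and should be confirmed against your deployment; the version-comparison logic does not depend on that assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"os"
	"strconv"
	"strings"
	"time"
)

// fixVersion is the patched release named in this advisory (v0.25.3).
var fixVersion = [3]int{0, 25, 3}

// parseVersion accepts "v0.25.2", "0.25.2" or "0.25.3-dev" and returns major, minor, patch.
func parseVersion(v string) ([3]int, error) {
	var out [3]int
	v = strings.TrimPrefix(strings.TrimSpace(v), "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i] // drop pre-release / build suffix
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return out, fmt.Errorf("unexpected version format %q", v)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return out, fmt.Errorf("bad component %q in %q", p, v)
		}
		out[i] = n
	}
	return out, nil
}

// hasFix reports whether v is at or above v0.25.3. The advisory lists only v0.25.2 as
// affected, so false means "fix release not present", not a confirmed finding for
// every older release.
func hasFix(v string) (bool, error) {
	got, err := parseVersion(v)
	if err != nil {
		return false, err
	}
	for i := range got {
		if got[i] != fixVersion[i] {
			return got[i] > fixVersion[i], nil
		}
	}
	return true, nil
}

// versionFromProfile pulls the version string out of a profile JSON body.
func versionFromProfile(body []byte) (string, error) {
	var p struct {
		Version string `json:"version"`
	}
	if err := json.Unmarshal(body, &p); err != nil {
		return "", err
	}
	if p.Version == "" {
		return "", fmt.Errorf("profile response has no version field")
	}
	return p.Version, nil
}

// fetchVersion queries one instance. The endpoint path is an assumption (memos v1 API).
func fetchVersion(baseURL string) (string, error) {
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Get(strings.TrimRight(baseURL, "/") + "/api/v1/workspace/profile")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("unexpected status %s", resp.Status)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	if err != nil {
		return "", err
	}
	return versionFromProfile(body)
}

func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "usage: memos-version-check https://memos.example.com [more URLs...]")
		os.Exit(2)
	}
	for _, u := range os.Args[1:] {
		v, err := fetchVersion(u)
		if err != nil {
			fmt.Printf("%s: error: %v\n", u, err)
			continue
		}
		ok, err := hasFix(v)
		switch {
		case err != nil:
			fmt.Printf("%s: version %q: %v\n", u, v, err)
		case ok:
			fmt.Printf("%s: version %s: fix release present\n", u, v)
		default:
			fmt.Printf("%s: version %s: NOT patched for CVE-2025-65799\n", u, v)
		}
	}
}
```

A pre-release or development build that reports 0.25.3 is treated as patched by this comparison even though it may predate the merge of the fix; for such builds check the commit rather than the version string.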

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in attachment logs
  • Requests containing '../' or similar traversal patterns

Network Indicators:

  • HTTP requests to attachment endpoints with suspicious file paths

SIEM Query:

source="memos.logs" AND ("../" OR "..\\" OR "%2e%2e%2f" OR "%2e%2e/" OR "..%2f" OR "%252e%252e")

Match case-insensitively (encoders emit both %2F and %2f), and where the SIEM can URL-decode a field, run the match on the decoded request path instead of the raw line so double-encoded variants are caught without enumerating them. Memos itself may not log request paths; a reverse-proxy access log in front of it is usually the richer source.
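The WAF workaround and the SIEM query above both rest on spotting traversal sequences in request paths, and both fail on encoded variants if they match literal substrings. This added example (not part of the page or the memos project) runs the literal substring test from the query beside a normalizing detector over a constructed, reverse-proxy-style access log; the attachment URL layout in the sample lines is assumed for illustration, not taken from memos.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// sampleLog is constructed for this example; the URL layout is assumed, not memos's own.
// Lines 2, 3 and 5 carry traversal attempts (encoded, double-encoded, backslash);
// line 6 is a benign name that merely contains "..".
const sampleLog = `10.0.0.5 - - [12/Dec/2025:10:01:02 +0000] "GET /file/attachments/abc123/photo.png HTTP/1.1" 200 5120
10.0.0.9 - - [12/Dec/2025:10:01:03 +0000] "GET /file/attachments/abc123/..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1421
10.0.0.9 - - [12/Dec/2025:10:01:04 +0000] "GET /file/attachments/abc123/%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0
10.0.0.7 - - [12/Dec/2025:10:01:05 +0000] "POST /api/v1/attachments HTTP/1.1" 200 312
10.0.0.9 - - [12/Dec/2025:10:01:06 +0000] "GET /file/attachments/abc123/..\..\windows\win.ini HTTP/1.1" 404 0
10.0.0.5 - - [12/Dec/2025:10:01:07 +0000] "GET /file/attachments/abc123/report..v2.pdf HTTP/1.1" 200 8811`

// requestRe extracts the request path from a common-log-format line.
var requestRe = regexp.MustCompile(`"(?:GET|HEAD|POST|PUT|DELETE) (\S+) HTTP/`)

// naiveMatch is the literal substring test from the SIEM query, as a SIEM would run it.
func naiveMatch(path string) bool {
	lower := strings.ToLower(path)
	return strings.Contains(path, "../") || strings.Contains(path, `..\`) ||
		strings.Contains(lower, "%2e%2e%2f")
}

// normalizePath percent-decodes up to three times (to unwrap double encoding) and folds
// backslashes into slashes so one comparison covers both separator styles.
func normalizePath(p string) string {
	s := p
	for i := 0; i < 3; i++ {
		d, err := url.PathUnescape(s)
		if err != nil || d == s {
			break
		}
		s = d
	}
	return strings.ReplaceAll(s, `\`, "/")
}

// hasTraversal flags a request whose normalized path contains a whole ".." segment.
// Comparing segments rather than substrings keeps names like "report..v2.pdf" clean.
func hasTraversal(path string) bool {
	for _, seg := range strings.Split(normalizePath(path), "/") {
		if seg == ".." {
			return true
		}
	}
	return false
}

// scanLog returns the request path of every line that the supplied matcher flags.
func scanLog(log string, match func(string) bool) []string {
	var hits []string
	for _, line := range strings.Split(log, "\n") {
		m := requestRe.FindStringSubmatch(line)
		if m != nil && match(m[1]) {
			hits = append(hits, m[1])
		}
	}
	return hits
}

func main() {
	fmt.Println("literal query:", scanLog(sampleLog, naiveMatch))
	fmt.Println("normalized:   ", scanLog(sampleLog, hasTraversal))
}
```

On the sample, the literal query catches only the backslash line, while the normalized detector catches all three attempts and leaves the benign `report..v2.pdf` alone. The same decode-then-segment logic is what a WAF rule should be doing before it compares anything.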

🔗 References

  • Fix PR: https://github.com/usememos/memos/pull/5218