
We found results for “”
CVE-2025-56760
Good to know:

Date: September 2, 2025
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Top Fix

Upgrade Version
Upgrade to version github.com/usememos/memos - null
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |