CVE-2025-56760
published 2025-09-03CVE-2025-56760: When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in…
PriorityP429medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
EPSS
0.32%
23.8th percentile
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | usememos_memos | 0 – 0.22.0 | — |
| usememos | memos | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos
osv·2025-09-08
CVE-2025-56760 Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos
Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos
Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos
OSV
Memos Vulnerable to Path Traversal via the CreateResource Endpoint
osv·2025-09-04
CVE-2025-56760 [MEDIUM] Memos Vulnerable to Path Traversal via the CreateResource Endpoint
Memos Vulnerable to Path Traversal via the CreateResource Endpoint
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.
GHSA
Memos Vulnerable to Path Traversal via the CreateResource Endpoint
ghsa·2025-09-04
CVE-2025-56760 [MEDIUM] CWE-24 Memos Vulnerable to Path Traversal via the CreateResource Endpoint
Memos Vulnerable to Path Traversal via the CreateResource Endpoint
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-03
Published