cbcvebase.
CVE-2025-56760
published 2025-09-03

CVE-2025-56760: When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in…

PriorityP429medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
EPSS
0.32%
23.8th percentile
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.

Affected

2 ranges
VendorProductVersion rangeFixed in
github.comusememos_memos0 – 0.22.0
usememosmemos
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.