CVE-2025-65797
published 2025-12-08
CVE-2025-65797: Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete…
Priority P4 | 34 | medium | 6.5 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.30% (21.6th percentile)
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | usememos_memos | >= 0 < 0.25.3 | 0.25.3 |
| usememos | memos | — | — |
OSV
memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos
osv·2025-12-15
CVE-2025-65797 memos vulnerability allows arbitrarily modification or deletion registered identity providers in github.com/usememos/memos
GHSA
memos vulnerability allows arbitrarily modification or deletion registered identity providers
ghsa·2025-12-08
CVE-2025-65797 [MEDIUM] CWE-284 memos vulnerability allows arbitrarily modification or deletion registered identity providers
OSV
memos vulnerability allows arbitrarily modification or deletion registered identity providers
osv·2025-12-08
CVE-2025-65797 [MEDIUM] memos vulnerability allows arbitrarily modification or deletion registered identity providers
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-12-08
Published