GHSA-8jcj-g9f4-qx42

Опубликовано: 08 дек. 2025

Источник: github

Github: Прошло ревью

CVSS3: 4.3

Описание

memos vulnerability allows arbitrarily reactions deletion

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2025-65796
https://github.com/usememos/memos/pull/5217
https://github.com/usememos/memos/commit/769dcd0cf9be83d472829f6e7903b201e42f6b3c
https://github.com/advisories/GHSA-8jcj-g9f4-qx42
https://herolab.usd.de/security-advisories/usd-2025-0060
http://memos.com
http://usememos.com

Пакеты

Наименование

github.com/usememos/memos

Затронутые версииВерсия исправления

< 0.25.3

0.25.3

EPSS

Процентиль: 9%

0.00032

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2025-65796

Дефекты

CWE-284

Связанные уязвимости

CVE-2025-65796

CVSS3: 4.3

nvd

2 месяца назад

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.

EPSS

Процентиль: 9%

0.00032

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2025-65796

Дефекты

CWE-284