exploitDog

CVE-2025-22952

Опубликовано: 27 фев. 2025

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.

Ссылки

https://elest.io/open-source/memos
Product
https://github.com/usememos/memos
Product
https://github.com/usememos/memos/issues/4413
Exploit
Issue Tracking
Vendor Advisory
https://github.com/usememos/memos/pull/4428
Issue Tracking
Patch
https://github.com/usememos/memos/issues/4413
Exploit
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:usememos:memos:0.23.0:-:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.34979

Средний

9.8 Critical

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-wfxg-v3j4-7qmj

github

11 месяцев назад

Memos Server-Side Request Forgery (SSRF)

EPSS

Процентиль: 97%

0.34979

Средний

9.8 Critical

CVSS3

Дефекты

CWE-918