CNNVD-202509-267 Information

CNNVD ID

CNNVD-202509-267

Related CVE

CVE-2025-56760

• CNNVD Published: 2025-09-03

Description (Chinese)

Memos是Memos开源的一个具有知识管理和社交功能的开源自托管备忘录中心。 Memos 0.22版本存在安全漏洞，该漏洞源于CreateResource端点中存在路径遍历，可能导致任意文件写入。

Description (English)

Memos is an open-source Memos centre with knowledge management and socialization functions. The Memos 0.22 version contains a security loophole, which stems from the existence of a path through the CreateResource endpoint, which may lead to the writing of any document.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Memos

Published

2025-09-03

Last Modified

2026-02-24

References

https://github.com/usememos/memos/blob/v0.24.4/server/router/api/v1/resource_service.go#L48 https://www.sonarsource.com/blog/securing-go-applications-with-sonarqube-real-world-examples/ https://access.redhat.com/security/cve/cve-2025-56760

Patch

https://www.usememos.com/