CVE-2025-22952 Information

Description

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs which can be exploited to perform SSRF attacks.

Reference

https://elest.io/open-source/memos https://github.com/usememos/memos https://github.com/usememos/memos/issues/4413 https://github.com/usememos/memos/pull/4428