Vulnerabilities

CVE-2025-56760

by Fred · 03/09/2025

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.

More information : https://github.com/usememos/memos/blob/v0.24.4/server/router/api/v1/resource_service.go#L48

Similar

Tags: Cybersecurity Alert