CVE-2025-22952

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-22952

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-22952.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-22952

Aliases

Downstream

openSUSE-SU-2025:14889-1

Related

openSUSE-SU-2025:14889-1

Published

2025-02-27T20:16:04Z

Modified

2025-07-12T06:00:09.393245Z

Summary

[none]

Details

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.

References

Affected packages

Git / github.com/usememos/memos

Affected ranges

Type: GIT
Repo: https://github.com/usememos/memos
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

ea394d89b27ec087dc005b17bba37ec1cb0e98cc

Affected versions

v0.*

v0.1.2

v0.10.2

v0.10.3

v0.11.0

v0.11.1

v0.11.2

v0.12.0

v0.12.1

v0.12.2

v0.13.0

v0.13.1

v0.13.2

v0.14.0

v0.14.1

v0.14.2

v0.14.3

v0.14.4

v0.15.0

v0.15.1

v0.15.2

v0.16.0

v0.16.1

v0.17.1

v0.18.0

v0.18.1

v0.18.2

v0.19.0

v0.19.1

v0.20.0

v0.20.1

v0.21.0

v0.22.0

v0.22.1

v0.22.2

v0.22.3

v0.22.4

v0.22.5

v0.23.0

v0.23.0-rc.0

v0.23.0-rc.1

v0.23.0-rc.2

v0.23.0-rc.3

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.5.0

v0.6.0

v0.6.1

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.8.0

v0.8.1

v0.8.2

v0.8.3

v0.9.1