Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-2z9w-axh8-ebh5
SummaryA lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
Aliases
0
alias CVE-2025-65799
1
alias GHSA-qgjp-5g5x-vhq2
Fixed_packages
0
url pkg:golang/github.com/usememos/memos@0.25.3
purl pkg:golang/github.com/usememos/memos@0.25.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/usememos/memos@0.25.3
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65799
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14767
published_at 2026-06-14T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14676
published_at 2026-06-11T12:55:00Z
2
value 0.00046
scoring_system epss
scoring_elements 0.14797
published_at 2026-06-12T12:55:00Z
3
value 0.00046
scoring_system epss
scoring_elements 0.14796
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65799
1
reference_url https://github.com/advisories/GHSA-qgjp-5g5x-vhq2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-qgjp-5g5x-vhq2
2
reference_url https://github.com/usememos/memos/commit/5f57f48673e2054f404b2c5b497a8eaa3690591d
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/usememos/memos/commit/5f57f48673e2054f404b2c5b497a8eaa3690591d
3
reference_url https://herolab.usd.de/security-advisories/usd-2025-0056
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://herolab.usd.de/security-advisories/usd-2025-0056
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65799
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65799
5
reference_url https://github.com/usememos/memos/pull/5218
reference_id 5218
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-08T17:30:19Z/
url https://github.com/usememos/memos/pull/5218
6
reference_url http://memos.com
reference_id memos.com
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-08T17:30:19Z/
url http://memos.com
7
reference_url https://herolab.usd.de/security-advisories/usd-2025-0056/
reference_id usd-2025-0056
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-08T17:30:19Z/
url https://herolab.usd.de/security-advisories/usd-2025-0056/
8
reference_url http://usememos.com
reference_id usememos.com
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-08T17:30:19Z/
url http://usememos.com
Weaknesses
0
cwe_id 73
name External Control of File Name or Path
description The product allows user input to control or influence paths or file names that are used in filesystem operations.
Exploits
Severity_range_score4.0 - 6.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-2z9w-axh8-ebh5