VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-2z9w-axh8-ebh5

Essentials
Severities (23)
References (9)
Severity details (21)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2z9w-axh8-ebh5
Aliases	CVE-2025-65799 GHSA-qgjp-5g5x-vhq2
Summary	A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-73

External Control of File Name or Path

System	Score	Found at
cvssv3.1	4.3	http://memos.com
generic_textual	MODERATE	http://memos.com
ssvc	Track	http://memos.com
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2025-65799
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2025-65799
cvssv3.1	4.3	https://github.com/advisories/GHSA-qgjp-5g5x-vhq2
generic_textual	MODERATE	https://github.com/advisories/GHSA-qgjp-5g5x-vhq2
cvssv3.1	4.3	https://github.com/usememos/memos
generic_textual	MODERATE	https://github.com/usememos/memos
cvssv3.1	4.3	https://github.com/usememos/memos/commit/5f57f48673e2054f404b2c5b497a8eaa3690591d
generic_textual	MODERATE	https://github.com/usememos/memos/commit/5f57f48673e2054f404b2c5b497a8eaa3690591d
cvssv3.1	4.3	https://github.com/usememos/memos/pull/5218
generic_textual	MODERATE	https://github.com/usememos/memos/pull/5218
ssvc	Track	https://github.com/usememos/memos/pull/5218
cvssv3.1	4.3	https://herolab.usd.de/security-advisories/usd-2025-0056
generic_textual	MODERATE	https://herolab.usd.de/security-advisories/usd-2025-0056
cvssv3.1	4.3	https://herolab.usd.de/security-advisories/usd-2025-0056/
ssvc	Track	https://herolab.usd.de/security-advisories/usd-2025-0056/
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2025-65799
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2025-65799
cvssv3.1	4.3	http://usememos.com
generic_textual	MODERATE	http://usememos.com
ssvc	Track	http://usememos.com

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2025-65799
		https://github.com/advisories/GHSA-qgjp-5g5x-vhq2
		https://github.com/usememos/memos/commit/5f57f48673e2054f404b2c5b497a8eaa3690591d
		https://herolab.usd.de/security-advisories/usd-2025-0056
		https://nvd.nist.gov/vuln/detail/CVE-2025-65799
5218		https://github.com/usememos/memos/pull/5218
memos.com		http://memos.com
usd-2025-0056		https://herolab.usd.de/security-advisories/usd-2025-0056/
usememos.com		http://usememos.com

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at http://memos.com

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-08T17:30:19Z/ Found at http://memos.com

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/advisories/GHSA-qgjp-5g5x-vhq2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/usememos/memos

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/usememos/memos/commit/5f57f48673e2054f404b2c5b497a8eaa3690591d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/usememos/memos/pull/5218

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-08T17:30:19Z/ Found at https://github.com/usememos/memos/pull/5218

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://herolab.usd.de/security-advisories/usd-2025-0056

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://herolab.usd.de/security-advisories/usd-2025-0056/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-08T17:30:19Z/ Found at https://herolab.usd.de/security-advisories/usd-2025-0056/

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-65799

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at http://usememos.com

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-08T17:30:19Z/ Found at http://usememos.com

Exploit Prediction Scoring System (EPSS)

Percentile	0.14676
EPSS Score	0.00046
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T16:57:36.460051+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2025/65xxx/CVE-2025-65799.json	38.6.0