4.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-65799

CVE-2025-65799: memos lacks file name validation or verification

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-65799

CVE-2025-65799:

4.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/usememos/memos	go	< 0.25.3	0.25.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The security vulnerability is a path traversal issue within the attachment handling of the usememos/memos application. The root cause was the lack of input validation on the filename parameter for both creating and updating attachments. The functions APIV1Service.CreateAttachment and APIV1Service.UpdateAttachment in server/router/api/v1/attachment_service.go directly used the user-provided filename without sanitization. The patch 5f57f48673e2054f404b2c5b497a8eaa3690591d rectifies this by introducing a new validateFilename function. This function is now called within both CreateAttachment and UpdateAttachment to ensure the filename does not contain any path traversal characters (/ or \) and is a valid local file path. Before this fix, an attacker could craft a request with a malicious filename to write or overwrite files outside of the intended storage directory.

Vulnerable functions

APIV1Service.CreateAttachment

server/router/api/v1/attachment_service.go

This function was vulnerable to path traversal because it did not validate the `filename` from the user request before creating an attachment. An attacker could provide a malicious filename containing path traversal characters (e.g., `../../etc/passwd`) to create files in arbitrary locations on the server.

APIV1Service.UpdateAttachment

server/router/api/v1/attachment_service.go

This function was vulnerable to path traversal because it did not validate the new `filename` from the user request when updating an attachment. An attacker could rename an existing attachment to a malicious path, potentially leading to file overwrites or creating files in unintended locations.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-65799: memos lacks file name validation or verification

CVE-2025-65799:

4.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

4.3

4.3

CVE-2025-65799: memos lacks file name validation or verification

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI