PT-2025-49564 · Unknown · Usememos/Memos

Published: 2025-12-08 · Updated: 2026-01-06 · CVE-2025-65795

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

usememos memos version 0.25.2

Description

An access control flaw in the /api/v1/user endpoint of usememos memos allows unauthorized account creation through a specially crafted request. An attacker can use it to bypass the intended security measures and create arbitrary accounts.

Recommendations

Update usememos memos to a version with corrected access controls for the /api/v1/user endpoint.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2025-65795
GHSA-MG56-WC4Q-RW4W
GO-2025-4217
SUSE-SU-2026:0037-1

Affected Products

Usememos/Memos