CVE-2025-22952

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions elestio memos version 0.23.0

Description The issue is related to insufficient validation of user-supplied URLs, which can be exploited to perform Server-Side Request Forgery (SSRF) attacks.

Recommendations For version 0.23.0, consider validating user-supplied URLs to prevent SSRF attacks. As a temporary workaround, restrict access to sensitive areas of the server that could be exploited through SSRF until a patch is available.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2025-22952

GHSA-WFXG-V3J4-7QMJ

GO-2025-3492

OPENSUSE-SU-2025:14889-1

Affected Products

Elestio Memos

CVE-2025-22952

Weakness Enumeration

Related Identifiers

Affected Products

References · 50