x/vulndb: potential Go vuln in github.com/usememos/memos: CVE-2025-22952 #3492

GoVulnBot · 2025-02-27T21:01:19Z

Advisory CVE-2025-22952 references a vulnerability in the following Go modules:

Module
github.com/usememos/memos

Description:
elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.

References:

Cross references:

github.com/usememos/memos appears in 64 other report(s):
- data/excluded/GO-2022-1173.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-rgj5-jj5q-v3v7 #1173) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1226.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-c2v4-8r9g-g5xj #1226) NOT_GO_CODE
- data/excluded/GO-2022-1228.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-v92p-phmp-xffr #1228) NOT_GO_CODE
- data/excluded/GO-2022-1254.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-c5hq-35h7-r9x4 #1254) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1255.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-cwrm-33qq-4w2x #1255) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1258.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-gxqf-4g4p-q3hc #1258) NOT_GO_CODE
- data/excluded/GO-2022-1262.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-pwhr-p68w-296x #1262) NOT_GO_CODE
- data/excluded/GO-2022-1265.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-rmhx-9h5h-3xh3 #1265) NOT_GO_CODE
- data/excluded/GO-2023-1271.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-8w5q-5fpq-v4pm #1271) NOT_GO_CODE
- data/excluded/GO-2023-1272.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-x9p9-v3x6-68mq #1272) NOT_GO_CODE
- data/excluded/GO-2023-1286.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-5jqp-wmhj-g33f #1286) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-1460.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-8686-4cr3-76wj #1460) NOT_GO_CODE
- data/excluded/GO-2023-1467.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-pcvh-px2p-vmxw #1467) NOT_GO_CODE
- data/excluded/GO-2023-2037.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-96gq-6ch5-mm54 #2037) EFFECTIVELY_PRIVATE
- data/reports/GO-2022-1189.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-c8jh-vcjh-fx2w #1189)
- data/reports/GO-2022-1190.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-vwg4-846x-f94v #1190)
- data/reports/GO-2022-1191.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-w57v-6xp4-rm2v #1191)
- data/reports/GO-2022-1192.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qcw2-492v-57xj #1192)
- data/reports/GO-2022-1205.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-9v48-2h5x-fvpm #1205)
- data/reports/GO-2022-1215.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-68gw-r2x5-7r5r #1215)
- data/reports/GO-2022-1216.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-f552-97qx-c694 #1216)
- data/reports/GO-2022-1217.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-fv6c-rfg3-gvjw #1217)
- data/reports/GO-2022-1218.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qr52-59r6-49f4 #1218)
- data/reports/GO-2022-1219.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-33m8-f4hw-wm3q #1219)
- data/reports/GO-2022-1220.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-j593-h5v3-45x6 #1220)
- data/reports/GO-2022-1225.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-97rc-mm5j-f6rj #1225)
- data/reports/GO-2022-1235.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-f83p-pg86-p922 #1235)
- data/reports/GO-2022-1236.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-ghx2-6v4g-9wmm #1236)
- data/reports/GO-2022-1239.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-jvq8-w7qv-hqp6 #1239)
- data/reports/GO-2022-1240.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-mfvq-m3jj-8864 #1240)
- data/reports/GO-2022-1243.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qcf5-m2c6-89f2 #1243)
- data/reports/GO-2022-1244.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qrrf-xvcf-p64q #1244)
- data/reports/GO-2022-1245.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qw36-rw5q-gxcq #1245)
- data/reports/GO-2022-1248.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-rx2m-xr4x-54hh #1248)
- data/reports/GO-2022-1250.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-642q-2q68-9j3p #1250)
- data/reports/GO-2022-1251.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-6fx9-29x2-fmfj #1251)
- data/reports/GO-2022-1252.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-6w5w-wx8w-2cq9 #1252)
- data/reports/GO-2022-1253.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-7qpw-2j9m-rw8c #1253)
- data/reports/GO-2022-1256.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-gfj4-wg89-m22r #1256)
- data/reports/GO-2022-1257.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-gw9m-2m5v-c6x5 #1257)
- data/reports/GO-2022-1259.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-hc5q-26h8-r9wf #1259)
- data/reports/GO-2022-1260.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-m5pr-wm6q-x4g2 #1260)
- data/reports/GO-2022-1261.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-pp3p-6jjh-rmg7 #1261)
- data/reports/GO-2022-1263.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-qf9q-3wwx-8qjv #1263)
- data/reports/GO-2022-1264.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-r7hg-2cpp-8wqq #1264)
- data/reports/GO-2022-1266.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-vh43-cc6x-prpr #1266)
- data/reports/GO-2023-1270.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-6whj-8g9g-5jvx #1270)
- data/reports/GO-2023-1285.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-42q2-m54f-jh95 #1285)
- data/reports/GO-2023-1291.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-mfmp-8mqg-q4wm #1291)
- data/reports/GO-2023-1292.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-mq5q-gpgv-pwxw #1292)
- data/reports/GO-2023-1449.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-r3p3-5f35-h6mf #1449)
- data/reports/GO-2023-1461.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-9h7x-9pmh-7gg8 #1461)
- data/reports/GO-2023-1462.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-fpjc-cxr6-w6h8 #1462)
- data/reports/GO-2023-1465.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-h2ph-9r76-37v5 #1465)
- data/reports/GO-2023-1469.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-x22v-qgm2-7qc7 #1469)
- data/reports/GO-2023-1566.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos/server: CVE-2022-25978 #1566)
- data/reports/GO-2023-2036.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-5j6p-59cj-j6cp #2036)
- data/reports/GO-2023-2038.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-j2gj-g3p9-7mrr #2038)
- data/reports/GO-2023-2065.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-2g7r-9xq5-c6hv #2065)
- data/reports/GO-2024-3046.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-65fm-2jgr-j7qq #3046)
- data/reports/GO-2024-3047.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-6fcf-g3mp-xj2x #3047)
- data/reports/GO-2024-3049.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-9cqm-mgv9-vv9j #3049)
- data/reports/GO-2024-3088.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-p4fx-qf2h-jpmj #3088)
- data/reports/GO-2024-3274.yaml (x/vulndb: potential Go vuln in github.com/usememos/memos: GHSA-5r2g-59px-3q9w #3274)

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/usememos/memos
      vulnerable_at: 0.24.0
summary: CVE-2025-22952 in github.com/usememos/memos
cves:
    - CVE-2025-22952
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-22952
    - fix: https://github.com/usememos/memos/pull/4428
    - report: https://github.com/usememos/memos/issues/4413
    - web: https://elest.io/open-source/memos
    - web: https://github.com/usememos/memos
source:
    id: CVE-2025-22952
    created: 2025-02-27T21:01:18.998943107Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2025-03-03T16:32:38Z

Change https://go.dev/cl/654257 mentions this issue: data/reports: add 23 reports

GoVulnBot added cve-year-2025 NeedsTriage labels Feb 27, 2025

thatnealpatel added triaged and removed NeedsTriage labels Mar 3, 2025

thatnealpatel self-assigned this Mar 3, 2025

gopherbot closed this as completed in a5c443c Mar 3, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/usememos/memos: CVE-2025-22952 #3492

x/vulndb: potential Go vuln in github.com/usememos/memos: CVE-2025-22952 #3492

GoVulnBot commented Feb 27, 2025

gopherbot commented Mar 3, 2025

x/vulndb: potential Go vuln in github.com/usememos/memos: CVE-2025-22952 #3492

x/vulndb: potential Go vuln in github.com/usememos/memos: CVE-2025-22952 #3492

Comments

GoVulnBot commented Feb 27, 2025

gopherbot commented Mar 3, 2025