9.8

CVE-2025-50738

Exploit

EPSS 3.64%
Veröffentlicht 29.07.2025 00:00:00
Zuletzt bearbeitet 22.08.2025 16:15:43
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be exploited by an attacker to disclose the viewing user's IP address, browser User-Agent string, and potentially other request-specific information to the attacker-controlled server, leading to information disclosure and user tracking.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Usememos ≫ Memos Version <= 0.24.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.64%	0.873

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/usememos/memos

Product

https://github.com/usememos/memos/issues/4707#issuecomment-2898504237

Exploit

Issue Tracking

https://github.com/fai1424/Vulnerability-Research/tree/main/CVE-2025-50738

https://nvd.nist.gov/vuln/detail/CVE-2025-50738

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-50738

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-50738

EUVD