CVE-2025-65795: memos vulnerability allows the creation of arbitrary accounts

December 8, 2025 (updated December 9, 2025)

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.

References

github.com/advisories/GHSA-mg56-wc4q-rw4w
github.com/usememos/memos
github.com/usememos/memos/commit/769dcd0cf9be83d472829f6e7903b201e42f6b3c
github.com/usememos/memos/pull/5217
herolab.usd.de/usd-2025-0058
nvd.nist.gov/vuln/detail/CVE-2025-65795

Code Behaviors & Features

Detect and mitigate CVE-2025-65795 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →