Cyber Posture

CVE-2025-22952

CriticalPublic PoC

Published: 27 February 2025

Published
27 February 2025
Modified
10 July 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.2493 96.2th percentile
Risk Priority 35 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22952 is a critical-severity SSRF (CWE-918) vulnerability in Usememos Memos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 3.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly addresses the insufficient validation of user-supplied URLs, preventing SSRF by implementing strict input validation mechanisms for URLs.

SI-2 Flaw Remediation good match
preventrecover

Ensures timely remediation of the specific SSRF flaw in Elestio Memos v0.23.0 via patching as documented in the fix pull request.

AC-4 Information Flow Enforcement partial match
prevent

Enforces information flow control policies to restrict the server from making unauthorized requests to internal or external resources exploited in SSRF.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The CVE describes an unauthenticated remote SSRF vulnerability in a public-facing application (Memos), directly enabling initial access via exploitation of a public-facing app as per T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks.

Deeper analysisAI

CVE-2025-22952 is a Server-Side Request Forgery (SSRF) vulnerability in Elestio Memos version 0.23.0, stemming from insufficient validation of user-supplied URLs. This issue, classified under CWE-918, was published on 2025-02-27 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high impacts across confidentiality, integrity, and availability.

Unauthenticated attackers with network access can exploit this vulnerability remotely with low complexity and no user interaction required. Exploitation enables SSRF attacks, allowing attackers to manipulate the server into making unauthorized requests on their behalf.

The Memos GitHub repository documents the issue in #4413 and provides a fix via pull request #4428. Security practitioners should consult the Elestio open-source Memos page and the official Memos repository for patching details and updated versions to mitigate the risk.

Details

CWE(s)
CWE-918

Affected Products

usememos
memos
0.23.0

CVEs Like This One

CVE-2025-50738Same product: Usememos Memos
CVE-2026-7025Shared CWE-918
CVE-2025-21385Shared CWE-918
CVE-2025-52362Shared CWE-918
CVE-2026-31317Shared CWE-918
CVE-2026-5016Shared CWE-918
CVE-2026-26338Shared CWE-918
CVE-2025-58045Shared CWE-918
CVE-2025-68030Shared CWE-918
CVE-2025-27651Shared CWE-918

References