CVE-2025-50738
Published: 29 July 2025
Summary
CVE-2025-50738 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Usememos Memos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 8.4% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
The Memos application up to version v0.24.3 permits embedding of markdown images that reference arbitrary URLs. When any user views a memo containing such an image, the browser automatically issues a request to the attacker-supplied URL, exposing the viewer's IP address, User-Agent string, and other request metadata without further interaction. The issue is tracked as CWE-200 and carries a CVSS 3.1 score of 9.8.
An attacker who can create or modify memos can supply a markdown image tag pointing to a server under their control. Any subsequent viewer of that memo causes their browser to leak identifying information to the attacker, enabling IP-based tracking and reconnaissance across the application's user base. The vulnerability requires no authentication or user interaction beyond viewing the memo.
Public references point to the upstream Memos repository and an associated issue thread, but do not yet document a released patch or specific mitigation steps. The EPSS score remains flat at 0.0698 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23004
Vulnerability details
The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be exploited by an attacker to disclose the viewing user's IP address, browser User-Agent string, and potentially other request-specific information to the attacker-controlled server, leading to information disclosure and user tracking.
- CWE(s): CWE-200
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Vulnerability in public-facing Memos app allows arbitrary external image URLs in memos, enabling unauthenticated attackers to trigger client info leaks (IP/User-Agent) on view for reconnaissance.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
- Filters rendered markdown output in memos to block or proxy arbitrary external image URLs, preventing automatic browser fetches and information disclosure to attacker servers.
- Validates and sanitizes user-submitted memo content to reject or restrict embedding of arbitrary external image URLs during input processing.
- Remediates the specific flaw in Memos up to v0.24.3 by identifying, testing, and installing vendor patches that fix arbitrary markdown image URL handling.
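
One way to apply the output-filtering control described above, as an added example (not code from the Memos project or from this page): it rewrites markdown images whose host is not allowlisted into ordinary links, so no request is made until the viewer clicks. `APP_ORIGIN`, `ALLOWED_IMAGE_HOSTS`, the function names and the sample memo are assumptions constructed for illustration; the regex covers inline images only, not reference-style images or raw HTML `<img>` tags.

```javascript
// Added example: output filter for memo markdown (not Memos project code).
// APP_ORIGIN and ALLOWED_IMAGE_HOSTS are assumed deployment values.
const APP_ORIGIN = "https://memos.example.internal";
const ALLOWED_IMAGE_HOSTS = new Set(["memos.example.internal"]);

// Inline image: ![alt](url) or ![alt](url "title"); the <url> form is accepted too.
const INLINE_IMAGE = /!\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)/g;

// True when fetching `rawUrl` keeps the request on an allowlisted host.
function isAllowedImageUrl(rawUrl) {
  let url;
  try {
    // Resolving against APP_ORIGIN makes relative and protocol-relative
    // (//host/path) references comparable by hostname.
    url = new URL(rawUrl, APP_ORIGIN);
  } catch {
    return false; // unparseable: treat as untrusted
  }
  // Conservative: anything other than http(s), including data:, is rejected.
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  return ALLOWED_IMAGE_HOSTS.has(url.hostname);
}

// Rewrites every disallowed image into an ordinary link, so the browser
// only contacts the remote host if the viewer clicks it.
function filterMemoImages(markdown) {
  const blocked = [];
  const output = markdown.replace(INLINE_IMAGE, (match, alt, rawUrl) => {
    if (isAllowedImageUrl(rawUrl)) return match;
    blocked.push(rawUrl); // keep a record for logging or review
    return `[external image: ${alt || rawUrl}](${rawUrl})`;
  });
  return { output, blocked };
}

// Constructed sample memo: two same-origin images, two external ones.
const sample = [
  "![logo](/file/logo.png)",
  "![chart](https://memos.example.internal/file/chart.png)",
  "![x](https://tracker.example.net/p.png?u=42)",
  '![](//tracker.example.net/p.gif "t")',
].join("\n");
console.log(filterMemoImages(sample));
```

A `Content-Security-Policy` `img-src` directive restricted to the same hosts enforces the same rule in the browser for any image syntax the filter misses.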