Information Disclosure in Memos Application by UseMemos
CVE-2025-50738

9.8CRITICAL

Key Information:

Vendor: UseMemos
Status: Memos
Vendor: CVE Published:; 29 July 2025

What is CVE-2025-50738?

The Memos application, through version v0.24.3, includes a vulnerability that allows for the embedding of images with arbitrary URLs in markdown. When users view these memos, their browsers automatically fetch the embedded images, thereby exposing critical user information such as the IP address and browser User-Agent string to potential attackers. This can result in unauthorized information disclosure and user tracking, presenting significant risks to user privacy.

References

https://github.com/usememos/memos

https://github.com/usememos/memos/issues/4707#issuecommen...

https://github.com/fai1424/Vulnerability-Research/tree/ma...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2025
Vulnerability Reserved
Jun 16, 2025