
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-56760 is a path traversal vulnerability discovered in Memos version 0.22. When Memos is configured to store objects locally, an authenticated attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server. The vulnerability was disclosed on September 3, 2025, and affects the local storage configuration of Memos (Sonar Blog, NVD).
The vulnerability lies in the CreateResource endpoint's file handling. When Memos is configured to use local storage, it builds the on-disk path for an uploaded file from a filepathTemplate that incorporates a user-controlled parameter (the source does not identify which one). Because the filename is not sanitized, an authenticated attacker can include path traversal sequences (`../`) in it, causing the file to be written outside the intended assets directory. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (NVD, Sonar Blog).
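The defensive pattern that closes this class of bug is to validate the client-supplied name as a single path element and then verify the rendered path still lies under the assets root. The Go code below is an added illustration, not Memos code: the template placeholders `{timestamp}` and `{filename}`, the function names and the `/srv/memos/assets` root are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strconv"
	"strings"
	"time"
)

// ErrBadFilename is returned for any client-supplied name that is not a plain
// base name; rejecting (not stripping) keeps tampering visible in request logs.
var ErrBadFilename = errors.New("unsafe filename")

// sanitizeFilename accepts only a single path element: no separators, no NUL
// bytes, and no leading dot (which also covers "." and "..").
func sanitizeFilename(name string) (string, error) {
	if name == "" || strings.HasPrefix(name, ".") || strings.ContainsAny(name, "/\\\x00") {
		return "", ErrBadFilename
	}
	return name, nil
}

// ResolveAssetPath renders a storage template (assumed placeholders {timestamp}
// and {filename}) with the sanitized name, then verifies the final path is still
// inside assetsDir so that neither the name nor the template can escape it.
func ResolveAssetPath(assetsDir, template, clientName string, now time.Time) (string, error) {
	base, err := sanitizeFilename(clientName)
	if err != nil {
		return "", err
	}
	rendered := strings.NewReplacer(
		"{timestamp}", strconv.FormatInt(now.Unix(), 10),
		"{filename}", base,
	).Replace(template)
	root, err := filepath.Abs(assetsDir)
	if err != nil {
		return "", err
	}
	full := filepath.Join(root, rendered) // Join cleans any ".." segments
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("resolved path %q escapes %q", full, root)
	}
	return full, nil
}
```

A call such as `ResolveAssetPath("/srv/memos/assets", "{timestamp}_{filename}", name, time.Now())` returns a path for `notes.png` and an error for `../../outside.txt` or `.env`, and the containment check also rejects a misconfigured template like `../{filename}`.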
The vulnerability allows authenticated attackers to write arbitrary files to the server's filesystem. This could lead to remote code execution by allowing an attacker to write files that the server executes, such as cron jobs or malicious scripts. Additionally, attackers could overwrite crucial application configurations or modify SSH keys for a full server compromise (Sonar Blog).
As no official patch is available, the recommended mitigation is to restrict Memos access to trusted users only. Organizations should consider transitioning to a more secure platform or implementing additional access controls until a patch is released (Sonar Blog).
Despite attempts to responsibly disclose the vulnerability to the Memos maintainers, no response was received during the 90-day disclosure window. The security community has emphasized the importance of proper input validation and secure file handling in web applications (Sonar Blog).
Source: This report was generated using AI