CVE-2025-50738

moderate-risk

Published 2025-07-29

The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be exploited by an attacker to disclose the viewing user's IP address, browser User-Agent string, and potentially other request-specific information to the attacker-controlled server, leading to information disclosure and user tracking.

Do I need to act?

4.7% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Memos

Affected Vendors

Usememos

References (3)

https://github.com/fai1424/Vulnerability-Research/tree/main/CVE-2025-50738

Product https://github.com/usememos/memos

Exploit https://github.com/usememos/memos/issues/4707#issuecomment-2898504237

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 8/34 · Low

Exposure 5/34 · Minimal