漏洞描述
Elestio Memos 是 Elestio 公司提供的托管服务,用于一键部署和运行开源项目 Memos(一个轻量级自托管笔记工具)。elestiomemos v0.23.0本本 由于对用户提供的 URL 验证不充分,容易受到服务器端请求伪造 (SSRF) 的攻击,可被利用来执行 SSRF 攻击。
ElestioMemos v0.23.0版本存在SSRF漏洞(CVE-2025-22952)
PoC代码
暂无相关漏洞推荐
- POCCVE-2025-50738: Memos < 0.25.0 - Stored Cross-Site Scripting
- POCCVE-2024-29028: Memos 0.13.2 - Server-Side Request Forgery
- POCCVE-2024-29029: Memos 0.13.2 - Cross-Site Scripting & SSRF
- POCCVE-2024-29030: Memos 0.13.2 - Server-Side Request Forgery
- POCCVE-2025-22952: Elestio Memos <= v0.24.0 - Server-Side Request Forgery
- POCCVE-2025-50738: Memos < 0.25.0 - Stored Cross-Site Scripting
- POCCVE-2024-29028: Memos 0.13.2 - Server-Side Request Forgery
- POCCVE-2024-29029: Memos 0.13.2 - Cross-Site Scripting & SSRF
- POCCVE-2024-29030: Memos 0.13.2 - Server-Side Request Forgery
- POCCVE-2025-22952: Elestio Memos <= v0.24.0 - Server-Side Request Forgery