216.73.217.64

CVE-2025-65780

· Published 15/12/2025 14:15 · Modified 18/12/2025 01:37

Labels: CVE-2025-65780 2025-12-15CVE-2025-65780[email protected]

Essential information

Published
15/12/2025 14:15
Modified
18/12/2025 01:37
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document (beyond profile fields), including orgs/teams and loginDisabled, due to missing server-side authorization checks; this enables privilege escalation and unauthorized access to other teams/orgs.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wekan project / wekan cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*:*

References