216.73.217.86

CVE-2025-65781

· Published 15/12/2025 14:15 · Modified 18/12/2025 01:35

Labels: CVE-2025-65781 2025-12-15CVE-2025-65781[email protected]

Essential information

Published
15/12/2025 14:15
Modified
18/12/2025 01:35
Author
Creator
CVSS
8.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CVSS metrics

Description

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer DoS and latent identity-spoofing.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wekan project / wekan cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*:*

References