Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-65780
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-15 Dec, 2025 | 14:15
Updated At-18 Dec, 2025 | 01:37

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document (beyond profile fields), including orgs/teams and loginDisabled, due to missing server-side authorization checks; this enables privilege escalation and unauthorized access to other teams/orgs.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
wekan_project
wekan_project
>>wekan>>Versions before 8.16(exclusive)
cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-284Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-284
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/wekan/wekancve@mitre.org
Product
https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--releasecve@mitre.org
Release Notes
https://github.com/wekan/wekan/commit/f26d58201855e861bab1cd1fda4d62c664efdb81cve@mitre.org
Patch
https://wekan.fi/hall-of-fame/spacebleed/cve@mitre.org
Vendor Advisory
Hyperlink: https://github.com/wekan/wekan
Source: cve@mitre.org
Resource:
Product
Hyperlink: https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--release
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://github.com/wekan/wekan/commit/f26d58201855e861bab1cd1fda4d62c664efdb81
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://wekan.fi/hall-of-fame/spacebleed/
Source: cve@mitre.org
Resource:
Vendor Advisory
Change History
0Changes found
Details not found