CVE-2025-65782

MEDIUM EPSS 13.1%
Published Dec 15, 20256mo ago · Modified Jun 17, 20261w ago
6.5 CVSS 3.1
Medium
Find Similar
Published Dec 15, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago

Description

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update handling allows board members (and potentially other authenticated users) to add/remove arbitrary user IDs in vote.positive / vote.negative arrays, enabling vote forgery and unauthorized voting.

CVSS Details

Base Score
6.5
Exploitability
2.8
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
13.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-285

Affected Products 1

VendorProductVersionRange
wekan_projectwekan* ≤8.15

References 4

  • github.com https://github.com/wekan/wekan
    Product
  • github.com https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--release
    Release Notes
  • github.com https://github.com/wekan/wekan/commit/0a1a075f3153e71d9a858576f1c68d2925230d9c
    Patch
  • wekan.fi https://wekan.fi/hall-of-fame/spacebleed/
    Vendor Advisory

Remediation

  • github.com https://github.com/wekan/wekan/commit/0a1a075f3153e71d9a858576f1c68d2925230d9c
    Patch