CVE 8.8 HIGH

CVE-2025-65780_CVE-2025-65780

December 17, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document (beyond profile fields), including orgs/teams and loginDisabled, due to missing server-side authorization checks; this enables privilege escalation and unauthorized access to other teams/orgs.

AI Analysis

Privilege escalation and unauthorized access to other teams/orgs due to missing server-side authorization checks

Basic Information

ID CVE-2025-65780

Source mitre

Published Dec 15, 2025 at 00:00

Modified Dec 17, 2025 at 18:49

Affected Product

Vendor Wekan

Product Wekan

Version up to 18.15

Affected Versions n/a n/a n/a

CWE Classification

CWE-284

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Wekan

Product Wekan

Version up to 18.15

References

{
    "lastseen": "",
    "description": "An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document (beyond profile fields), including orgs/teams and loginDisabled, due to missing server-side authorization checks; this enables privilege escalation and unauthorized access to other teams/orgs.",
    "published": "2025-12-15T00:00:00.000Z",
    "modified": "2025-12-17T18:49:24.927Z",
    "type": "cve",
    "title": "CVE-2025-65780",
    "source": "mitre",
    "references": "https://github.com/wekan/wekan\nhttps://wekan.fi/hall-of-fame/spacebleed/\nhttps://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--release\nhttps://github.com/wekan/wekan/commit/f26d58201855e861bab1cd1fda4d62c664efdb81",
    "id": "CVE-2025-65780",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Wekan",
    "version": "up to 18.15",
    "vendor": "Wekan",
    "ai_description": "Privilege escalation and unauthorized access to other teams/orgs due to missing server-side authorization checks",
    "ai_severity": "High",
    "ai_vendor": "Wekan",
    "ai_product": "Wekan",
    "ai_version": "up to 18.15",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply