Vulnerability Description
An issue was discovered in Wekan, the open-source kanban board system, in versions up to 8.15; it is fixed in 8.16 (the affected-versions table and the v8.16 changelog below agree on 8.16). Uploaded attachments are served back with the Content-Type the uploader declared, so an attacker can upload a file marked text/html and have it rendered inside the application's origin. Attacker-supplied HTML/JavaScript then executes as the application (stored XSS), enabling theft of session/auth tokens and forged requests performed with the victim's session.
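As an added illustration, not Wekan's own code and not taken from the linked patch commit, the JavaScript below shows the header discipline that closes this bug class on the server side (never echo the uploader's type for active content, force `Content-Disposition: attachment`, set `nosniff`) and a check a tester can run over the headers observed when fetching an uploaded file. The function names, the type lists and the sample headers are assumptions made for the example.

```javascript
// Added example (not Wekan's code). The stored type and filename are treated as
// attacker-controlled input, which is exactly what an upload endpoint receives.

// Types a browser will execute or render as a document in the serving origin.
// Any of these, or any *+xml subtype, is downgraded to an opaque byte stream.
const ACTIVE_TYPES = new Set([
  'text/html', 'application/xhtml+xml', 'image/svg+xml',
  'text/xml', 'application/xml', 'text/javascript',
  'application/javascript', 'application/ecmascript', 'text/css',
]);

// Passive types that may keep their declared Content-Type: browsers never run
// script from them. Everything not listed here becomes application/octet-stream.
const PASSIVE_TYPES = new Set([
  'image/png', 'image/jpeg', 'image/gif', 'image/webp', 'text/plain',
]);

// "text/html; charset=utf-8" -> "text/html"
function normalizeType(declared) {
  if (typeof declared !== 'string') return '';
  return declared.split(';')[0].trim().toLowerCase();
}

function isActiveType(type) {
  return ACTIVE_TYPES.has(type) || type.endsWith('+xml');
}

// Strip CR/LF (header injection), quotes and path separators from the ASCII
// form; carry the original name in the RFC 5987 filename* parameter.
function safeFilename(name) {
  const raw = String(name).replace(/[\r\n]/g, '');
  const ascii = raw.replace(/["\\/]/g, '').replace(/[^\x20-\x7e]/g, '_').trim()
    || 'download';
  return { ascii, utf8: encodeURIComponent(raw) };
}

// Headers a download route should emit for a user-uploaded attachment.
function safeAttachmentHeaders(storedType, filename) {
  const type = normalizeType(storedType);
  const contentType = PASSIVE_TYPES.has(type) ? type : 'application/octet-stream';
  const { ascii, utf8 } = safeFilename(filename);
  return {
    'Content-Type': contentType,
    'Content-Disposition': `attachment; filename="${ascii}"; filename*=UTF-8''${utf8}`,
    'X-Content-Type-Options': 'nosniff',
    // Defence in depth: even if something above regresses, a sandboxed
    // document without a script source cannot act in the app's origin.
    'Content-Security-Policy': "default-src 'none'; sandbox",
  };
}

// Tester-side check: given the response headers observed when fetching an
// uploaded file, return a list of findings (empty means the response is safe
// with respect to this bug class).
function auditAttachmentHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const findings = [];
  const type = normalizeType(h['content-type']);
  if (isActiveType(type)) {
    findings.push(`active Content-Type "${type}" served from the application origin`);
  }
  if (!(h['content-disposition'] || '').toLowerCase().startsWith('attachment')) {
    findings.push('Content-Disposition is not "attachment"');
  }
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') {
    findings.push('missing X-Content-Type-Options: nosniff');
  }
  return findings;
}

// Constructed sample: what a vulnerable server echoes back for an upload that
// declared text/html, versus the hardened headers for the same stored object.
const observedVulnerable = { 'Content-Type': 'text/html', 'Content-Disposition': 'inline' };
console.log(auditAttachmentHeaders(observedVulnerable));
console.log(auditAttachmentHeaders(safeAttachmentHeaders('text/html', 'note.html')));
```

To reproduce the class of issue against a test instance, upload a file whose declared type is text/html, fetch it back through the attachment route and run `auditAttachmentHeaders` over the response headers. Note that `nosniff` alone does not help here: it stops the browser from guessing a type, but an explicit text/html is honoured, so the decisive controls are not echoing the uploader's type for active content and forcing `attachment` disposition. Serving user uploads from a separate origin is the stronger fix and is not shown above.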
CVSS Score
8.1 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wekan Project | Wekan | < 8.16 |
Related Weaknesses (CWE)
References
- https://github.com/wekan/wekan (Product)
- https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--rel (Release Notes)
- https://github.com/wekan/wekan/commit/e9a727301d7b4f1689a703503df668c0f4f4cab8 (Patch)
- https://wekan.fi/hall-of-fame/spacebleed/ (Vendor Advisory)
FAQ
What is CVE-2025-65778?
CVE-2025-65778 is a vulnerability in Wekan, the open-source kanban board system, affecting versions up to 8.15 and fixed in 8.16, with a CVSS base score of 8.1 (HIGH). Uploaded attachments are served with an attacker-controlled Content-Type such as text/html, so attacker-supplied HTML/JavaScript executes in the application's origin, enabling session/token theft and forged requests in the victim's session.
How severe is CVE-2025-65778?
CVE-2025-65778 has been rated HIGH with a CVSS base score of 8.1/10. Script running in the application's origin gives the attacker the victim's session: stored tokens can be read and any action the victim is authorised for can be performed on their behalf.
Is there a patch for CVE-2025-65778?
Yes. Wekan 8.16 fixes the issue; the patch commit, the v8.16 release notes and the vendor advisory are listed in the references section above. Upgrade to 8.16 or later. Affected products: Wekan Project Wekan, versions before 8.16.