CVE-2025-65781 — HIGH (8.2)

Q: How severe is CVE-2025-65781?

CVE-2025-65781 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-65781?

Check the references section above for vendor advisories and patch information. Affected products include: Wekan Project Wekan.

Vulnerability Description

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer DoS and latent identity-spoofing.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wekan Project	Wekan	< 8.16

Related Weaknesses (CWE)

CWE-287 CWE-400

References

https://github.com/wekan/wekanProduct
https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--relRelease Notes
https://github.com/wekan/wekan/commit/ccd90343394f433b287733ad0a33c08e0a71f53cPatch
https://wekan.fi/hall-of-fame/spacebleed/Vendor Advisory

FAQ

What is CVE-2025-65781?

CVE-2025-65781 is a vulnerability with a CVSS score of 8.2 (HIGH). An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-termi...

How severe is CVE-2025-65781?

CVE-2025-65781 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-65781?

Check the references section above for vendor advisories and patch information. Affected products include: Wekan Project Wekan.