CVE-2025-65782 — MEDIUM (6.5)

Q: How severe is CVE-2025-65782?

CVE-2025-65782 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-65782?

Check the references section above for vendor advisories and patch information. Affected products include: Wekan Project Wekan.

Vulnerability Description

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update handling allows board members (and potentially other authenticated users) to add/remove arbitrary user IDs in vote.positive / vote.negative arrays, enabling vote forgery and unauthorized voting.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Wekan Project	Wekan	<= 8.15

Related Weaknesses (CWE)

CWE-285

References

https://github.com/wekan/wekanProduct
https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--relRelease Notes
https://github.com/wekan/wekan/commit/0a1a075f3153e71d9a858576f1c68d2925230d9cPatch
https://wekan.fi/hall-of-fame/spacebleed/Vendor Advisory

FAQ

What is CVE-2025-65782?

CVE-2025-65782 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update handling allows board members (and potentially other authent...

How severe is CVE-2025-65782?

CVE-2025-65782 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-65782?

Check the references section above for vendor advisories and patch information. Affected products include: Wekan Project Wekan.