VYPR
Unrated severity · OSV Advisory · Published Dec 15, 2025 · Updated Dec 17, 2025

CVE-2025-65780

Description

An issue was discovered in Wekan, the open source kanban board system, up to version 18.15; it is fixed in 18.16. Because server-side authorization checks are missing, authenticated users can update their entire user document rather than only its profile fields, including orgs/teams and loginDisabled. This enables privilege escalation and unauthorized access to other teams/orgs.

Affected products

2
  • Wekan/Wekan · OSV · 2 versions
    4.30, 4.31, stable, …+ 1 more
    • (no CPE) range: 4.30, 4.31, stable, …
    • (no CPE) range: <=18.15

References

3
