Unrated severityOSV Advisory· Published Dec 15, 2025· Updated Dec 17, 2025

CVE-2025-65782

Description

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update handling allows board members (and potentially other authenticated users) to add/remove arbitrary user IDs in vote.positive / vote.negative arrays, enabling vote forgery and unauthorized voting.

Affected products

Wekan/WekanOSV
Range: 4.30, 4.31, stable, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wekan/wekan/blob/main/CHANGELOG.mdmitre
github.com/wekan/wekan/commit/0a1a075f3153e71d9a858576f1c68d2925230d9cmitre
wekan.fi/hall-of-fame/spacebleed/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000