Home > Vulnerability Database > CVE-2025-65780

Mend.io Vulnerability Database

CVE-2025-65780

Good to know:

Date: December 15, 2025

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document (beyond profile fields), including orgs/teams and loginDisabled, due to missing server-side authorization checks; this enables privilege escalation and unauthorized access to other teams/orgs.

Severity Score

8.8

Related Resources (6)

Url: https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--release

Url: https://wekan.fi/hall-of-fame/spacebleed/

Url: https://github.com/wekan/wekan/commit/f26d58201855e861bab1cd1fda4d62c664efdb81

Url: https://github.com/wekan/wekan

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-65780

Url: https://www.mend.io/vulnerability-database/CVE-2025-65780

Severity Score

8.8

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version https://github.com/wekan/wekan.git - v8.16

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-65780

Good to know:

Date: December 15, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?