Home > Vulnerability Database > CVE-2025-65781

Mend.io Vulnerability Database

CVE-2025-65781

Good to know:

Date: December 15, 2025

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer DoS and latent identity-spoofing.

Severity Score

8.2

Related Resources (6)

Url: https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--release

Url: https://wekan.fi/hall-of-fame/spacebleed/

Url: https://github.com/wekan/wekan

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-65781

Url: https://github.com/wekan/wekan/commit/ccd90343394f433b287733ad0a33c08e0a71f53c

Url: https://www.mend.io/vulnerability-database/CVE-2025-65781

Severity Score

8.2

Weakness Type (CWE)

Improper Authentication

CWE-287

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version https://github.com/wekan/wekan.git - v18.6

Learn More

CVSS v3.1

Base Score:	8.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-65781

Good to know:

Date: December 15, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?