Home > Vulnerability Database > CVE-2025-65782

Mend.io Vulnerability Database

CVE-2025-65782

Good to know:

Date: December 15, 2025

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update handling allows board members (and potentially other authenticated users) to add/remove arbitrary user IDs in vote.positive / vote.negative arrays, enabling vote forgery and unauthorized voting.

Severity Score

6.5

Related Resources (6)

Url: https://github.com/wekan/wekan/commit/0a1a075f3153e71d9a858576f1c68d2925230d9c

Url: https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--release

Url: https://wekan.fi/hall-of-fame/spacebleed/

Url: https://github.com/wekan/wekan

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-65782

Url: https://www.mend.io/vulnerability-database/CVE-2025-65782

Severity Score

6.5

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version https://github.com/wekan/wekan.git - v18.6

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-65782

Good to know:

Date: December 15, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?