PT-2025-32687 · Kanboard · Kanboard

Bryanqb07 · Published 2025-08-12 · Updated 2025-08-22 · CVE-2025-55011

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.47
Description: Kanboard is project management software based on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API did not validate the task id parameter to ensure it was a valid task ID, nor did it check for path traversal. This allowed a malicious actor to write a file to any location on the system controlled by the application user. The impact is limited because the filename is hashed and has no extension.
Recommendations: Upgrade to version 1.2.47 or later.
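
The two missing checks named in the description (task ID validation and path containment), sketched as an added PHP example; this is not Kanboard's code or its actual patch. The storage layout, the function names and the $taskExists lookup are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Kanboard source. Assumed layout: <base>/tasks/<task_id>/<sha1>.

/** Flawed pattern: the raw task id becomes a path segment, so "../" in it escapes <base>. */
function unsafeTaskFilePath(string $base, $taskId, string $name): string
{
    return $base . '/tasks/' . $taskId . '/' . sha1($name);
}

/** Hardened pattern: strict integer id, known task, resolved path contained in <base>/tasks. */
function safeTaskFilePath(string $base, $taskId, string $name, callable $taskExists): string
{
    // 1. Accept only an integer or an all-digit string; anything else is rejected outright.
    if (!is_int($taskId) && !(is_string($taskId) && ctype_digit($taskId))) {
        throw new InvalidArgumentException('task id must be a positive integer');
    }
    $id = (int) $taskId;
    if ($id < 1 || !$taskExists($id)) {
        throw new InvalidArgumentException('unknown task id');
    }
    // 2. Build the directory from the normalised integer, never from the raw input.
    $root = $base . DIRECTORY_SEPARATOR . 'tasks';
    $dir = $root . DIRECTORY_SEPARATOR . $id;
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException('cannot create task directory');
    }
    // 3. Defence in depth: after symlink resolution the directory must still sit under $root.
    $realRoot = realpath($root);
    $realDir = realpath($dir);
    if ($realRoot === false || $realDir === false
        || strncmp($realDir, $realRoot . DIRECTORY_SEPARATOR, strlen($realRoot) + 1) !== 0) {
        throw new RuntimeException('resolved path escapes the file store');
    }
    return $realDir . DIRECTORY_SEPARATOR . sha1($name);
}

// Constructed demo values; $exists stands in for the application's task lookup.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'kb_files_demo';
$exists = fn(int $id): bool => in_array($id, [1, 42], true);
foreach ([42, '42', '../../outside', '42/../..', 999] as $candidate) {
    try {
        $out = safeTaskFilePath($base, $candidate, 'report.pdf', $exists);
    } catch (InvalidArgumentException $e) {
        $out = 'rejected: ' . $e->getMessage();
    }
    echo var_export($candidate, true), ' -> ', $out, PHP_EOL;
}
```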

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-55011
GHSA-26F4-RX96-XC55

Affected Products

Kanboard