PT-2025-51218 · Wekan · Wekan
Siam Thanat Hack · Published 2025-12-15 · Updated 2025-12-18 · CVE-2025-65779
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Wekan versions prior to 18.16
Description
An issue exists in Wekan, an open-source kanban board system, where unauthenticated attackers can modify a board's "sort" value. The Boards.allow function does not verify the user ID, enabling unauthorized reordering of boards.
Recommendations
Update to version 18.16 or later.
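The missing user ID check described above, shown as an added example that is not Wekan's source code or its actual patch. It uses a small stand-in for Meteor's allow-rule evaluation. The board shape (members, isActive), the rule bodies and the sample data are assumptions constructed for illustration.

```javascript
// Added illustration, not Wekan's source: stand-in for Meteor allow-rule evaluation.
// Meteor calls update rules as (userId, doc, fieldNames, modifier);
// userId is null when the client connection is not logged in.
function makeCollection() {
  const rules = [];
  return {
    allow(rule) { rules.push(rule); },
    // Mimics a client-initiated update: applied if any allow rule returns true.
    clientUpdate(userId, doc, modifier) {
      const fieldNames = Object.keys(modifier.$set || {});
      const ok = rules.some((r) => r.update(userId, doc, fieldNames, modifier));
      if (!ok) return { applied: false, doc };
      return { applied: true, doc: { ...doc, ...modifier.$set } };
    },
  };
}

// Weak rule: restricts the write to the `sort` field but never looks at userId.
const weakBoards = makeCollection();
weakBoards.allow({
  update(userId, doc, fieldNames) {
    return fieldNames.length === 1 && fieldNames[0] === 'sort';
  },
});

// Hardened rule: same field restriction, plus an authenticated, active board member.
const fixedBoards = makeCollection();
fixedBoards.allow({
  update(userId, doc, fieldNames) {
    if (!userId) return false; // reject unauthenticated callers outright
    const isMember = doc.members.some((m) => m.userId === userId && m.isActive);
    return isMember && fieldNames.length === 1 && fieldNames[0] === 'sort';
  },
});

// Constructed sample board and reorder request (hypothetical field values).
const board = { _id: 'b1', sort: 3, members: [{ userId: 'alice', isActive: true }] };
const reorder = { $set: { sort: 0 } };

function demo() {
  return {
    weakAnon: weakBoards.clientUpdate(null, board, reorder).applied,
    fixedAnon: fixedBoards.clientUpdate(null, board, reorder).applied,
    fixedMember: fixedBoards.clientUpdate('alice', board, reorder).applied,
    fixedOutsider: fixedBoards.clientUpdate('mallory', board, reorder).applied,
  };
}
console.log(demo());
```

When reviewing other collections for the same class of bug, look for allow rules whose decision depends only on fieldNames or the document and never on userId.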
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Wekan