PT-2025-51219 · Wekan · Wekan
Siam Thanat Hack +1 · Published 2025-12-15 · Updated 2025-12-15 · CVE-2025-65780
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Wekan versions prior to 18.16
Description
Authenticated users can modify their entire user document, including organization and team memberships, and login status, due to insufficient server-side authorization checks. This allows for privilege escalation and unauthorized access to other teams and organizations.
Recommendations
Update to version 18.16 or later.
Fix
LPE
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Wekan