PT-2025-51220 · Wekan · Wekan
Siam Thanat Hack (+1)
Published: 2025-12-15 · Updated: 2025-12-15
CVE-2025-65781
CVSS v3.1: 8.2 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
Wekan versions prior to 18.16
Description
An issue exists in the attachment upload API of Wekan, an open-source kanban board system. The API incorrectly treats the Authorization bearer token as a userId, so supplying any non-empty token triggers a non-terminating process. This can cause a denial-of-service condition and may also allow identity spoofing. The affected endpoint is the attachment upload API; the vulnerable parameter is the Authorization bearer token.
Recommendations
Update to version 18.16 or later.
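The defensive pattern the advisory implies, as an added illustration that is not Wekan's code: the bearer token is a credential to look up in a token store, never a user identity in itself, and an unknown or empty token fails closed in a single bounded step. The token store, the sample token and the `authenticateUpload` helper are constructed for this example.

```javascript
// Added, hypothetical example (not Wekan's code): authenticate an attachment
// upload request by resolving the bearer token through a token store.
// The token string is never interpreted as a userId, and an unrecognised
// token is rejected immediately, so a caller cannot spoof a user or keep
// the handler busy by sending arbitrary non-empty tokens.

// Constructed token store: maps an issued login token -> userId.
const SAMPLE_TOKEN = "example-login-token-for-alice";
const tokenStore = new Map([[SAMPLE_TOKEN, "alice"]]);

// Parse an "Authorization: Bearer <token>" header; anything else is null.
function parseBearer(headerValue) {
  if (typeof headerValue !== "string") return null;
  const m = /^Bearer\s+(\S+)$/i.exec(headerValue.trim());
  return m ? m[1] : null;
}

// Resolve the token to a userId with one bounded lookup.
// Returns { ok: true, userId } or { ok: false, status: 401 }.
function authenticateUpload(headers, store = tokenStore) {
  const token = parseBearer(headers && headers["authorization"]);
  if (!token) return { ok: false, status: 401 };
  const userId = store.get(token);
  // Unknown token: fail closed; do NOT fall back to treating it as a userId.
  if (userId === undefined) return { ok: false, status: 401 };
  return { ok: true, userId };
}

// Stand-alone demonstration: a valid token authenticates, a userId sent as
// the token does not, and a missing header is rejected.
console.log(authenticateUpload({ authorization: "Bearer " + SAMPLE_TOKEN }));
console.log(authenticateUpload({ authorization: "Bearer alice" }));
console.log(authenticateUpload({}));
```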
Fix
DoS
Resource Exhaustion
Improper Authentication
Related Identifiers
Affected Products
Wekan