Vulnerability Database

314,373

Total vulnerabilities in the database

CVE-2025-65780

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document (beyond profile fields), including orgs/teams and loginDisabled, due to missing server-side authorization checks; this enables privilege escalation and unauthorized access to other teams/orgs.

Published: Dec 15, 2025
Updated: Dec 18, 2025
CVE: CVE-2025-65780
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-284

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
wekan_project / wekan	-	8.16

https://github.com/wekan/wekan
https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--release
https://github.com/wekan/wekan/commit/f26d58201855e861bab1cd1fda4d62c664efdb81
https://wekan.fi/hall-of-fame/spacebleed/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo