CVE-2025-65781

EPSS 0.06%
Veröffentlicht 15.12.2025 00:00:00
Zuletzt bearbeitet 18.12.2025 01:35:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer DoS and latent identity-spoofing.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wekan Project ≫ Wekan Version < 8.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.199

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://github.com/wekan/wekan

Product

https://wekan.fi/hall-of-fame/spacebleed/

Vendor Advisory

https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--release

Release Notes

https://github.com/wekan/wekan/commit/ccd90343394f433b287733ad0a33c08e0a71f53c

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-65781

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-65781

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-65781

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-65781