CVE-2025-65781
CVE-2025-65781
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.2EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
15 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer DoS and latent identity-spoofing.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected products
n/a · n/a