CNNVD-202512-2701 Information

CNNVD ID

CNNVD-202512-2701

Related CVE

CVE-2025-65780

• CNNVD Published: 2025-12-15

Description (Chinese)

WeKan是WeKan开源的一个看板应用程序。 WeKan 18.15及之前版本存在安全漏洞，该漏洞源于经过身份验证的用户可以更新其整个用户文档，可能导致权限提升和未经授权的访问。

Description (English)

Wekan is a panel application from WeKan Open Source. Wekan 18.15 and previous versions had a security loophole, which stemmed from the ability of an authentication user to update its entire user file, which could lead to enhanced privileges and unauthorized access.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

WeKan

Published

2025-12-15

Last Modified

2026-02-24

References

https://github.com/wekan/wekan https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan–release https://github.com/wekan/wekan/commit/f26d58201855e861bab1cd1fda4d62c664efdb81 https://wekan.fi/hall-of-fame/spacebleed/ https://access.redhat.com/security/cve/cve-2025-65780

Patch

https://github.com/wekan/wekan/releases