CVE-2025-55011 Information

Aug 13, 2025 cve

Description

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47 the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id nor does it check for path traversal. As a result a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47.

Reference

https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57 https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681 https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55 https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55

CNNVD-202508-1071 (Published: 2025-08-12)

Share on:

CVE-2025-55011 Information

Description

Reference

Related CNNVD