CVE-2025-65781
Published: 15 December 2025
Summary
CVE-2025-65781 is a high-severity Improper Authentication (CWE-287) vulnerability in Wekan (Wekan Project). Its CVSS base score is 8.2 (High).
Operationally, it is ranked at the 22.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-203372
Vulnerability details
An issue was discovered in Wekan, the open source kanban board system, up to version 18.15, fixed in 18.16. The attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer token, enabling trivial application-layer DoS and latent identity-spoofing.
- CWE(s): CWE-287 (Improper Authentication)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Review of authentication-related audit records can detect improper authentication mechanisms or bypasses.
- Integrated incident analysis improves detection and mitigation of authentication bypasses and failures during security events.
- Authentication mechanism testing and evaluation during development identifies bypass or weakness conditions, with mandatory correction prior to system delivery.
- Monitoring for unauthorized use and connections detects activity stemming from authentication bypass or failure.
- Limiting concurrent sessions directly prevents uncontrolled resource consumption by capping the number of active sessions per user or account.
- Monitoring for unauthorized successful logons detects those resulting from improper authentication implementations.
- Documented procedures ensure personnel are trained on authentication mechanisms, tangibly lowering the risk of improper authentication being exploited.
- Security awareness training instructs users on secure authentication practices and avoiding credential compromise.