Cyber Resilience

CVE-2025-65781

HighDDoS

Published: 15 December 2025

Published
15 December 2025
Modified
18 December 2025
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS Score 0.0008 22.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-65781 is a high-severity Improper Authentication (CWE-287) vulnerability in Wekan Project Wekan. Its CVSS base score is 8.2 (High).

Operationally, ranked at the 22.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty bearer…

more

token, enabling trivial application-layer DoS and latent identity-spoofing.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

wekan project
wekan
≤ 8.16

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-287 CWE-400

Review of authentication-related audit records can detect improper authentication mechanisms or bypasses.

addresses: CWE-287 CWE-400

Integrated incident analysis improves detection and mitigation of authentication bypasses and failures during security events.

addresses: CWE-287 CWE-400

Authentication mechanism testing and evaluation during development identifies bypass or weakness conditions, with mandatory correction prior to system delivery.

addresses: CWE-287 CWE-400

Detects unauthorized use and connections stemming from authentication bypass or failure.

addresses: CWE-400

Limiting concurrent sessions directly prevents uncontrolled resource consumption by capping the number of active sessions per user or account.

addresses: CWE-287

Detects unauthorized successful logons resulting from improper authentication implementations.

addresses: CWE-287

Documented procedures ensure personnel are trained on authentication mechanisms, tangibly lowering the risk of improper authentication being exploited.

addresses: CWE-287

Security awareness training instructs users on secure authentication practices and avoiding credential compromise.

References