CVE-2025-65780: n/a
CVE-2025-65780 is a privilege escalation vulnerability in Wekan, an open-source kanban board system, affecting versions up to 18.15. Because server-side authorization checks are missing, authenticated users can update their entire user document, including sensitive fields such as organizations, teams, and the loginDisabled status. This flaw allows unauthorized access to other teams and organizations, potentially compromising data confidentiality and integrity. Exploitation requires valid user credentials; unauthenticated users cannot trigger it. No known exploits are currently reported in the wild. The issue was fixed in version 18.16. European organizations using Wekan for project management are at risk, especially those with multi-team or multi-organization deployments. Mitigation involves immediately upgrading to version 18.
AI Analysis
Technical Summary
CVE-2025-65780 is a security vulnerability identified in Wekan, an open-source kanban board system widely used for project and task management. The vulnerability exists in all versions up to 18.15 and was addressed in version 18.16. The core issue arises from insufficient server-side authorization checks that allow authenticated users to update their entire user document beyond the intended profile fields. Specifically, users can modify sensitive attributes such as their organizational affiliations (orgs/teams) and the loginDisabled flag. This unauthorized modification capability enables privilege escalation, allowing attackers to gain access to other teams or organizations within the Wekan instance. The vulnerability compromises confidentiality by exposing data across organizational boundaries and threatens integrity by allowing unauthorized changes to user and organizational data. Exploitation requires valid user credentials but no further privileges or user interaction. Although no exploits have been reported in the wild, the vulnerability's nature makes it a significant risk for environments where multiple teams or organizations collaborate using Wekan. The lack of a CVSS score necessitates an assessment based on impact and exploitability factors. The vulnerability affects the core user management functionality, which is critical for maintaining secure access controls. The fix in version 18.16 involves implementing proper server-side authorization checks to restrict user document updates to authorized fields only.
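The missing check described above, as an added illustration that is not Wekan's own code: a server-side update handler that merges the whole client-supplied document, beside an allow-list version that applies only editable profile fields and surfaces any attempt to touch orgs, teams or loginDisabled, plus an audit helper that lists protected fields that drifted from a known-good snapshot. The field names and the in-memory store are assumptions made for the example.

```javascript
// Added example (not Wekan's code). Field names are assumed for illustration.
const PROTECTED_FIELDS = ['orgs', 'teams', 'loginDisabled']; // named on the page
const EDITABLE_FIELDS = ['fullname', 'language'];            // assumed profile fields

// Constructed sample store: one user belonging to one org and one team.
function makeStore() {
  return {
    u1: { fullname: 'Alice', language: 'en', orgs: ['acme'], teams: ['dev'], loginDisabled: false },
  };
}

// Vulnerable pattern: the server merges whatever the client sends, so any
// key in the patch, protected or not, lands in the stored user document.
function updateUserVulnerable(store, userId, patch) {
  Object.assign(store[userId], patch);
  return store[userId];
}

// Hardened pattern: apply only allow-listed fields and refuse the whole
// request if anything else is present, so the attempt is visible to
// logging and alerting rather than silently dropped.
function updateUserProfile(store, userId, patch) {
  const rejected = Object.keys(patch).filter((k) => !EDITABLE_FIELDS.includes(k));
  const escalation = rejected.filter((k) => PROTECTED_FIELDS.includes(k));
  if (rejected.length > 0) {
    return { ok: false, rejected, escalation };
  }
  Object.assign(store[userId], patch);
  return { ok: true, user: store[userId] };
}

// Audit helper: compare a user document against a known-good snapshot and
// return the protected fields whose value changed.
function protectedFieldDrift(before, after) {
  return PROTECTED_FIELDS.filter(
    (k) => JSON.stringify(before[k]) !== JSON.stringify(after[k])
  );
}
```

Running an audit with `protectedFieldDrift` over a backup snapshot and the live user collection gives the per-user list of orgs/teams/loginDisabled changes to review.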
Potential Impact
For European organizations, the impact of CVE-2025-65780 can be substantial, especially for those relying on Wekan for collaborative project management across multiple teams or departments. Unauthorized modification of user documents can lead to privilege escalation, allowing attackers to access sensitive information from other teams or organizations, violating data confidentiality and potentially breaching GDPR requirements. Integrity of organizational data is also at risk, as attackers can alter team memberships or disable user logins, disrupting operations and trust in the system. Availability impact is moderate but could arise if attackers disable critical user accounts or manipulate organizational structures to cause operational disruptions. The risk is heightened in sectors with strict compliance and data protection mandates, such as finance, healthcare, and government agencies. Additionally, the vulnerability could facilitate lateral movement within an organization’s IT environment if Wekan is integrated with other internal systems. The absence of known exploits suggests a window for proactive mitigation before widespread exploitation occurs.
Mitigation Recommendations
1. Upgrade all Wekan instances to version 18.16 or later immediately to apply the official patch addressing this vulnerability.
2. Conduct a thorough audit of user accounts and permissions to detect any unauthorized changes to user documents, especially modifications to orgs/teams and loginDisabled fields.
3. Implement strict access controls and monitoring on Wekan administrative functions to detect and prevent privilege escalation attempts.
4. Review and enhance server-side authorization logic in any custom integrations or plugins interacting with Wekan’s user management.
5. Educate users about the importance of credential security to prevent attackers from gaining authenticated access.
6. Enable detailed logging and alerting on user document updates to quickly identify suspicious activity.
7. Consider network segmentation and limiting Wekan access to trusted internal networks to reduce exposure.
8. Regularly back up Wekan data to enable recovery in case of malicious modifications.
9. Engage in vulnerability scanning and penetration testing focused on access control weaknesses within collaboration tools.
Affected Countries
Germany, France, Netherlands, United Kingdom, Sweden, Finland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 694017f1d9bcdf3f3ddec58f
Added to database: 12/15/2025, 2:15:13 PM
Last enriched: 12/15/2025, 2:30:49 PM
Last updated: 12/15/2025, 4:35:29 PM
Views: 7