CVE-2025-65781: n/a
CVE-2025-65781 is a vulnerability in Wekan, an open-source kanban board system, affecting versions up to 18.15 and fixed in 18.16. The issue arises from the attachment upload API incorrectly treating the Authorization bearer token as a userId, causing the server to enter a non-terminating body-handling loop for any non-empty bearer token. This flaw enables trivial application-layer denial of service (DoS) attacks and latent identity spoofing. Exploitation does not require valid authentication tokens, and no user interaction is needed. Although no known exploits are reported in the wild, the vulnerability poses risks to service availability and user identity integrity. European organizations using Wekan for project management or collaboration could face operational disruptions and potential unauthorized access. Mitigation involves promptly upgrading to Wekan version 18.16 or later and implementing strict validation of bearer tokens in the API.
AI Analysis
Technical Summary
CVE-2025-65781 is a security vulnerability discovered in Wekan, an open-source kanban board system widely used for project management and team collaboration. The vulnerability affects all versions up to 18.15 and was addressed in version 18.16. The root cause lies in the attachment upload API, which erroneously interprets the Authorization header's bearer token value as a userId. This misinterpretation leads the server to enter a non-terminating loop during body handling whenever a non-empty bearer token is provided, regardless of its validity. Consequently, an attacker can exploit this flaw by sending crafted requests with arbitrary bearer tokens to trigger an application-layer denial of service (DoS), effectively exhausting server resources and disrupting service availability. Additionally, because the bearer token is treated as a userId without proper validation, there is a latent risk of identity spoofing, potentially allowing attackers to impersonate users or escalate privileges within the application. The vulnerability does not require valid authentication credentials or user interaction, making exploitation trivial. Although no active exploits have been reported, the vulnerability's presence in a collaboration platform used by organizations worldwide elevates its risk profile. The absence of a CVSS score necessitates an assessment based on impact and exploitability factors, which indicate a high severity level. The fix involves updating to Wekan 18.16 or later, where proper validation and handling of bearer tokens have been implemented to prevent the infinite loop and identity spoofing issues.
Potential Impact
For European organizations, the vulnerability poses significant risks to both operational continuity and data integrity. The application-layer DoS can lead to service outages, disrupting project management workflows and collaboration efforts critical to business operations. This disruption can cause delays, reduce productivity, and potentially impact contractual obligations. The latent identity spoofing risk threatens confidentiality and integrity by enabling unauthorized access or actions under the guise of legitimate users, which could lead to data leakage, unauthorized modifications, or privilege escalation. Organizations relying on Wekan for sensitive or regulated data management may face compliance issues if the vulnerability is exploited. The ease of exploitation without authentication increases the threat landscape, making even less sophisticated attackers capable of causing harm. The lack of known exploits in the wild suggests a window of opportunity for defenders to patch systems before widespread attacks occur. However, the open-source nature of Wekan and its adoption in various sectors, including government, education, and private enterprises across Europe, underscores the importance of timely mitigation.
Mitigation Recommendations
1. Immediately upgrade all Wekan instances to version 18.16 or later, where the vulnerability has been fixed.
2. Implement strict validation of Authorization bearer tokens in the API to ensure tokens are properly authenticated and correspond to valid user identities.
3. Monitor application logs for unusual or repeated attachment upload requests with malformed or unexpected bearer tokens to detect potential exploitation attempts.
4. Employ rate limiting and request throttling on the attachment upload API endpoint to mitigate the impact of potential DoS attacks.
5. Conduct regular security audits and code reviews of custom integrations or modifications to Wekan to ensure no similar token handling issues exist.
6. Educate development and operations teams about the importance of validating authentication tokens and handling API inputs securely.
7. Consider deploying Web Application Firewalls (WAFs) with rules to detect and block anomalous API requests targeting the attachment upload endpoint.
8. Maintain an incident response plan that includes procedures for handling DoS attacks and identity spoofing incidents.
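An added example (not Wekan's code and not the project's actual fix) of the two code-level points in the analysis and in recommendations 2 and 3: a bearer token is resolved through a session lookup so the token string itself is never used as a userId and the request body is read only for an authenticated user, and an access-log scan flags clients with repeated rejected upload requests. The token store, the `/api/attachments` path, the request object shape and the log format are assumptions.

```javascript
// Added example, not Wekan's own code or fix. Shows two defensive points:
// resolve a bearer token through a session store instead of using the token
// string as an identity, and flag repeated rejected uploads in access logs.
// Assumed names: tokenStore (Map token -> {userId, expires}), /api/attachments.
const TOKEN_RE = /^[A-Za-z0-9._~+/-]+=*$/; // RFC 6750 token68 alphabet

// Return the userId a bearer token resolves to, or null if the request must
// be rejected. The raw header value is never returned as an identity.
function authenticateBearer(authorizationHeader, tokenStore) {
  if (typeof authorizationHeader !== "string") return null;
  const m = /^Bearer\s+(\S+)$/i.exec(authorizationHeader.trim());
  if (!m) return null;                     // no scheme, or empty token
  const token = m[1];
  if (!TOKEN_RE.test(token)) return null;  // malformed: do not interpret as an id
  const session = tokenStore.get(token);   // lookup, never token === userId
  if (!session || session.expires <= Date.now()) return null;
  return session.userId;
}

// Upload handler skeleton: authenticate first and read the body only for a
// resolved user, so an arbitrary token never reaches body handling.
function handleAttachmentUpload(req, tokenStore, readBody) {
  const userId = authenticateBearer(req.headers.authorization, tokenStore);
  if (userId === null) return { status: 401, userId: null, size: 0 };
  const body = readBody(req);
  return { status: 201, userId, size: body.length };
}

// Scan access-log lines (client, request line, status) and return the clients
// with `threshold` or more 401s on the upload endpoint, sorted.
function flagRepeatedUploadRejections(logLines, threshold) {
  const counts = new Map();
  for (const line of logLines) {
    const m = /^(\S+) .*"POST \/api\/attachments[^"]*" (\d{3})/.exec(line);
    if (!m || m[2] !== "401") continue;
    counts.set(m[1], (counts.get(m[1]) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n >= threshold).map(([ip]) => ip).sort();
}

// Constructed sample data for a stand-alone run.
const SAMPLE_STORE = new Map([["tok-good-1", { userId: "u42", expires: Date.now() + 60000 }]]);
const SAMPLE_LOGS = [
  '203.0.113.9 - - [15/Dec/2025:14:15:13 +0000] "POST /api/attachments HTTP/1.1" 401 0',
  '203.0.113.9 - - [15/Dec/2025:14:15:14 +0000] "POST /api/attachments HTTP/1.1" 401 0',
  '198.51.100.4 - - [15/Dec/2025:14:16:00 +0000] "POST /api/attachments HTTP/1.1" 201 55',
];
console.log(flagRepeatedUploadRejections(SAMPLE_LOGS, 2)); // ["203.0.113.9"]
```

The rate-limiting threshold and endpoint path would be tuned to the real deployment; the point is that rejection happens before any body handling and that rejected requests leave a countable trace.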
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 694017f1d9bcdf3f3ddec595
Added to database: 12/15/2025, 2:15:13 PM
Last enriched: 12/15/2025, 2:30:34 PM
Last updated: 12/15/2025, 4:35:32 PM