CVE-2025-65779

Gravedad:

Pendiente de análisis

Tipo:

No Disponible / Otro tipo

Fecha de publicación:

15/12/2025

Última modificación:

15/12/2025

Descripción

*** Pendiente de traducción *** An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board&#39;s "sort" value (Boards.allow returns true without verifying userId), allowing arbitrary reordering of boards.

Impacto

Referencias a soluciones, herramientas e información

https://github.com/wekan/wekan
https://github.com/wekan/wekan/blob/main/CHANGELOG.md#v816-2025-11-02-wekan--release
https://github.com/wekan/wekan/commit/ea310d7508b344512e5de0dfbc9bdfd38145c5c5
https://wekan.fi/hall-of-fame/spacebleed/