Project Management Software Vulnerability in Kanboard by Kanboard
CVE-2025-52576
5.3 MEDIUM
What is CVE-2025-52576?
Kanboard, a project management tool based on the Kanban method, contains a flaw in its login handling. Prior to version 1.2.46, the software is susceptible to username enumeration through the manipulation of trusted HTTP headers, and the same manipulation lets an attacker bypass IP-based protections such as Fail2Ban or CAPTCHA. Because an attacker can both confirm which usernames are valid and evade per-IP throttling at the same time, organizations running publicly accessible Kanboard instances face a heightened risk of brute-force and credential-stuffing attacks, and therefore of unauthorized access to user accounts.
Affected Version(s)
kanboard < 1.2.46
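The advisory's core point is that IP-based protections (Fail2Ban bans, CAPTCHA triggers) are only as good as the client IP the application resolves; if that IP comes from an HTTP header any client can set, every request can present a fresh "address" and per-IP counters never accumulate. The following is an added illustration, not Kanboard's own code and not the patch shipped in 1.2.46: it shows the weak resolver beside a hardened one that honours forwarding headers only when the TCP peer is an allowlisted reverse proxy, and runs both against a constructed batch of failed logins. The header name X-Forwarded-For, the proxy ranges and the sample addresses are assumptions chosen for the demonstration.

```python
# Added example (not Kanboard's code): resolving the client IP that feeds
# login rate-limiting, with a weak and a hardened variant side by side.
# Header name, proxy ranges and sample addresses are assumptions.
import ipaddress
from typing import Callable, Mapping

# Assumed reverse-proxy ranges allowed to set forwarding headers.
TRUSTED_PROXIES = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("127.0.0.1/32"),
)


def is_trusted_proxy(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip_weak(peer_addr: str, headers: Mapping[str, str]) -> str:
    """Weak pattern: believe X-Forwarded-For from any peer.
    A client connected directly to the app picks a new value per request,
    so per-IP failure counters never reach their threshold."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return peer_addr


def client_ip_hardened(peer_addr: str, headers: Mapping[str, str]) -> str:
    """Hardened: use the header only when the TCP peer is a trusted proxy,
    and walk the chain right-to-left (the rightmost hop was appended by our
    own proxy), stopping at the first address that is not a trusted proxy."""
    if not is_trusted_proxy(peer_addr):
        return peer_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed header: fall back to the socket peer
        if not is_trusted_proxy(hop):
            return hop
    return peer_addr


class LoginFailureCounter:
    """Minimal stand-in for a Fail2Ban/CAPTCHA-style per-IP failure counter."""

    def __init__(self, threshold: int = 3) -> None:
        self.threshold = threshold
        self.failures: dict = {}

    def is_blocked(self, ip: str) -> bool:
        return self.failures.get(ip, 0) >= self.threshold

    def record_failure(self, ip: str) -> None:
        self.failures[ip] = self.failures.get(ip, 0) + 1


def simulate(resolver: Callable[[str, Mapping[str, str]], str], attempts) -> int:
    """Feed (peer_addr, headers) failed-login attempts through `resolver` and
    return how many attempts the per-IP block rejected."""
    counter = LoginFailureCounter(threshold=3)
    rejected = 0
    for peer, headers in attempts:
        ip = resolver(peer, headers)
        if counter.is_blocked(ip):
            rejected += 1
            continue
        counter.record_failure(ip)
    return rejected


# Constructed sample: one direct (non-proxy) client sends six failed logins,
# each carrying a different forged X-Forwarded-For value.
CONSTRUCTED_ATTEMPTS = [
    ("203.0.113.7", {"X-Forwarded-For": f"198.51.100.{i}"}) for i in range(6)
]

if __name__ == "__main__":
    print("weak resolver rejected:", simulate(client_ip_weak, CONSTRUCTED_ATTEMPTS))
    print("hardened resolver rejected:", simulate(client_ip_hardened, CONSTRUCTED_ATTEMPTS))
```

With the weak resolver the six forged attempts are never rejected, because each resolves to a different address; with the hardened resolver they all collapse onto the real socket peer and the block engages after the third failure. The fix that matters for a deployment is the upgrade to 1.2.46 named above; the resolver pattern is what any reverse-proxy-aware application should apply so that Fail2Ban and CAPTCHA see the address of the actual client.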