Path Traversal Vulnerability in Kanboard Project Management Software
CVE-2025-55011

6.4 MEDIUM

Key Information:

Vendor: Kanboard
Status: Vendor
CVE Published: 12 August 2025

What is CVE-2025-55011?

Kanboard is a project management tool that follows the Kanban method. The API's createTaskFile method does not adequately validate its task_id parameter, allowing unauthorized access to the file system. Because no path traversal check is applied, an attacker could use this flaw to write files anywhere within the environment the application user controls. The impact is partly limited because stored filenames are hashed and carry no extension, but the flaw still poses a significant risk. Users should upgrade to version 1.2.47 or later.
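As an added illustration that is not Kanboard's own code, the following Python models the bug class the advisory describes: a storage path built from an unvalidated task_id, beside a hardened version that accepts only a positive integer id and confirms the resulting path stays under the storage root. The storage layout (STORAGE_ROOT and the tasks/<id>/<hash> structure) is an assumption made for the example.

```python
import hashlib
import re
from pathlib import PurePosixPath

# Constructed storage root for the example; the real layout is not taken from the page.
STORAGE_ROOT = PurePosixPath("/srv/kanboard/data/files")


def stored_name(filename: str) -> str:
    """Uploads are stored under a hash with no extension, as the advisory notes."""
    return hashlib.sha1(filename.encode("utf-8")).hexdigest()


def normalize(path: PurePosixPath) -> PurePosixPath:
    """Lexically collapse '.' and '..' components (no filesystem access needed)."""
    parts = []
    for part in path.parts:
        if part == "..":
            if len(parts) > 1:      # never pop the root component
                parts.pop()
        elif part != ".":
            parts.append(part)
    return PurePosixPath(*parts)


def vulnerable_path(task_id, filename: str) -> PurePosixPath:
    """Before: task_id is interpolated as-is, so '../..' segments walk out of the root."""
    return normalize(STORAGE_ROOT / "tasks" / str(task_id) / stored_name(filename))


def parse_task_id(task_id) -> int:
    """After, step 1: accept only a positive integer (or its plain decimal string form)."""
    if isinstance(task_id, bool):
        raise ValueError("task_id must be a positive integer")
    if isinstance(task_id, str) and re.fullmatch(r"[1-9][0-9]*", task_id):
        return int(task_id)
    if isinstance(task_id, int) and task_id > 0:
        return task_id
    raise ValueError("task_id must be a positive integer")


def hardened_path(task_id, filename: str) -> PurePosixPath:
    """After, step 2: build from the validated id, then confirm containment as defence in depth."""
    target = normalize(STORAGE_ROOT / "tasks" / str(parse_task_id(task_id)) / stored_name(filename))
    if STORAGE_ROOT not in target.parents:
        raise ValueError("resolved path escapes the storage root")
    return target


def escapes_root(path: PurePosixPath) -> bool:
    """Detection helper: True when a computed path lies outside STORAGE_ROOT."""
    return STORAGE_ROOT not in path.parents
```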

Affected Version(s)

kanboard < 1.2.47

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published: 12 August 2025
  • Vulnerability reserved