{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-55011", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-08-04T17:34:24.422Z", "datePublished": "2025-08-12T15:57:08.108Z", "dateUpdated": "2025-08-12T19:31:01.757Z"}, "containers": {"cna": {"title": "Kanboard Path Traversal in File Write via Task File Upload Api", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55"}, {"name": "https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681", "tags": ["x_refsource_MISC"], "url": "https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681"}, {"name": "https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57", "tags": ["x_refsource_MISC"], "url": "https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57"}], "affected": [{"vendor": "kanboard", "product": "kanboard", "versions": [{"version": "< 1.2.47", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-12T15:57:08.108Z"}, "descriptions": [{"lang": "en", "value": "Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47."}], "source": {"advisory": "GHSA-26f4-rx96-xc55", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-12T19:30:38.995283Z", "id": "CVE-2025-55011", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-12T19:31:01.757Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-55011", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-12T19:30:38.995283Z"}}}], "references": [{"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-12T18:08:44.621Z"}}], "cna": {"title": "Kanboard Path Traversal in File Write via Task File Upload Api", "source": {"advisory": "GHSA-26f4-rx96-xc55", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "kanboard", "product": "kanboard", "versions": [{"status": "affected", "version": "< 1.2.47"}]}], "references": [{"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55", "name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681", "name": "https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57", "name": "https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-12T15:57:08.108Z"}}}, "cveMetadata": {"cveId": "CVE-2025-55011", "state": "PUBLISHED", "dateUpdated": "2025-08-12T19:31:01.757Z", "dateReserved": "2025-08-04T17:34:24.422Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-08-12T15:57:08.108Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kanboard:kanboard:*:*:*:*:*:*:*:*", "matchCriteriaId": "8725B482-0964-41C2-9E52-AB3DB5BE0976", "versionEndExcluding": "1.2.47", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47."}, {"lang": "es", "value": "Kanboard es un software de gesti\u00f3n de proyectos basado en la metodolog\u00eda Kanban. Antes de la versi\u00f3n 1.2.47, el m\u00e9todo createTaskFile de la API no validaba si el par\u00e1metro task_id era un ID de tarea v\u00e1lido ni verificaba path traversal. Por lo tanto, un usuario malicioso podr\u00eda escribir un archivo en cualquier parte del sistema que controle el usuario de la aplicaci\u00f3n. El impacto es limitado debido a que el nombre del archivo est\u00e1 codificado y no tiene extensi\u00f3n. Este problema se ha corregido en la versi\u00f3n 1.2.47."}], "id": "CVE-2025-55011", "lastModified": "2025-08-22T17:15:47.513", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-08-12T16:15:28.700", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}