Description

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event["data"] field in the project_activities table. A malicious actor can update this field to use a php gadget to write a web shell into the /plugins folder, which then gives remote code execution on the host system. This issue has been patched in version 1.2.47.

INFO

Published Date :

2025-08-12T15:57:13.343Z

Last Modified :

2025-08-12T16:24:36.343Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55010 vulnerability.

Vendors Products
Kanboard
  • Kanboard
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55010.

URL Resource
https://github.com/kanboard/kanboard/blob/b033c0e0f982f8158e240bce8ab54c29727f8efe/app/Formatter/ProjectActivityEventFormatter.php#L43-L57 cve-icon cve-icon
https://github.com/kanboard/kanboard/commit/7148ac092e5db6b33e0fc35e04bca328d96c1f6f cve-icon cve-icon
https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact