Description

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47.

INFO

Published Date :

2025-08-12T15:57:08.108Z

Last Modified :

2025-08-12T19:31:01.757Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55011 vulnerability.

Vendors Products
Kanboard
  • Kanboard
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55011.

URL Resource
https://github.com/kanboard/kanboard/blob/b2e35ac520add67cff792aab960b3c002c48e3d0/app/Api/Procedure/TaskFileProcedure.php#L47-L57 cve-icon cve-icon
https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef133681 cve-icon cve-icon
https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact