CVE-2025-64498

Summary

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.

Affected Software

VendorProductVersion RangeStatus
EnaleantuleapTuleap Community Edition < 17.0.99.1762444754affected
EnaleantuleapTuleap Enterprise Edition < 17.0-2affected
EnaleantuleapTuleap Enterprise Edition < 16.13-7affected
EnaleantuleapTuleap Enterprise Edition < 16.12-10affected

Weaknesses

  • CWE-352: CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References