Description

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed in Tuleap Community Edition version 16.9.99.1750843170 and Tuleap Enterprise Edition 16.8-4 and 16.9-2.

INFO

Published Date :

2025-07-29T19:16:35.977Z

Last Modified :

2025-07-29T19:34:26.472Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-52899 vulnerability.

Vendors Products
Enalean
  • Tuleap
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-52899.

URL Resource
https://github.com/Enalean/tuleap/commit/5c72d6d253016d38ed472eb7918f772d074ddb07 cve-icon cve-icon
https://github.com/Enalean/tuleap/security/advisories/GHSA-xqf3-xxxf-x3c2 cve-icon cve-icon
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5c72d6d253016d38ed472eb7918f772d074ddb07 cve-icon cve-icon
https://tuleap.net/plugins/tracker/?aid=43674 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact