CVE-2025-64498

Tuleap has a Cross-Site Request Forgery (CSRF) vulnerability

Description

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.

INFO

Published Date :

2025-12-08T22:36:26.283Z

Last Modified :

2025-12-09T16:04:42.860Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-64498 vulnerability.

Vendors	Products
Enalean	Tuleap

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64498.

URL	Resource
https://github.com/Enalean/tuleap/commit/993316dd6a291bb3937cb7a4571eaab0e7d55370
https://github.com/Enalean/tuleap/security/advisories/GHSA-vxfh-h8p6-p5rg
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=993316dd6a291bb3937cb7a4571eaab0e7d55370
https://tuleap.net/plugins/tracker/?aid=45593

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact