Description

Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8.

INFO

Published Date :

2025-12-08T23:08:22.218Z

Last Modified :

2025-12-09T16:04:28.307Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64760 vulnerability.

Vendors Products
Enalean
  • Tuleap
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64760.

URL Resource
https://github.com/Enalean/tuleap/commit/71d427b0f7ed8fa269a5ee6f7a557cf3dfc99cd4 cve-icon cve-icon
https://github.com/Enalean/tuleap/security/advisories/GHSA-f2xv-x3g6-4j9p cve-icon cve-icon
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=71d427b0f7ed8fa269a5ee6f7a557cf3dfc99cd4 cve-icon cve-icon
https://tuleap.net/plugins/tracker/?aid=45618 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact