CVE-2025-65962

Tuleap has missing CSRF protections its in tracker field dependencies

Description

Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are mission CSRF protections in its tracker field dependencies, allowing attackers to modify tracker fields. This issue is fixed in Tuleap Community Edition version 17.0.99.1763803709 and Tuleap Enterprise Edition versions 17.0-4 and 16.13-9.

INFO

Published Date :

2025-12-08T23:15:02.980Z

Last Modified :

2025-12-09T16:04:21.648Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-65962 vulnerability.

Vendors	Products
Enalean	Tuleap

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65962.

URL	Resource
https://github.com/Enalean/tuleap/commit/26678c5b411042e68964b199bf88a44607550633
https://github.com/Enalean/tuleap/security/advisories/GHSA-9hgc-cm68-rrgc
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=26678c5b411042e68964b199bf88a44607550633
https://tuleap.net/plugins/tracker/?aid=45632

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact