PT-2025-38408 · Unknown · Tuleap Community Edition+1

Lesuisse

Published

2025-09-18

Updated

2025-09-18

CVE-2025-59040

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tuleap Community Edition versions prior to 16.11.99.1757427600 Tuleap Enterprise Edition versions prior to 16.11-6 Tuleap Enterprise Edition version 16.10-8

Description Backlog item representations do not verify the permissions of child trackers, potentially allowing users to view tracker names they should not have access to.

Recommendations Update Tuleap Community Edition to version 16.11.99.1757427600. Update Tuleap Enterprise Edition to version 16.11-6. Update Tuleap Enterprise Edition to version 16.10-8.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-280

Related Identifiers

CVE-2025-59040

GHSA-67XC-39V9-PFFG

Affected Products

Tuleap Community Edition

Tuleap Enterprise Edition

PT-2025-38408 · Unknown · Tuleap Community Edition+1

CVE-2025-59040

Weakness Enumeration

Related Identifiers

Affected Products

References · 8