PT-2025-44208 · Taiga · Taiga

Published: 2025-10-28 · Updated: 2026-01-10

CVE-2025-62368

CVSS v3.1: 9.0
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Taiga versions 6.8.3 and earlier

Description: Taiga is an open source project management platform. A remote code execution issue exists in the Taiga API due to unsafe deserialization of untrusted data. An attacker can execute arbitrary code remotely, potentially taking control of affected systems.

Recommendations: Versions prior to 6.9.0 should be updated to version 6.9.0.

Fix

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2025-62368
GHSA-CPCF-9276-FWC5

Affected Products

Taiga