PT-2025-44208 · Taiga · Taiga
Published 2025-10-28 · Updated 2026-01-10 · CVE-2025-62368
CVSS v3.1: 9.0 Critical (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
Taiga versions 6.8.3 and earlier
Description
Taiga is an open source project management platform. The Taiga API is affected by a remote code execution issue caused by unsafe deserialization of untrusted data. An attacker can execute arbitrary code remotely, potentially taking control of affected systems.
Recommendations
Versions prior to 6.9.0 should be updated to version 6.9.0.
Exploit
Fix
RCE
Deserialization of Untrusted Data
Affected Products
Taiga