PT-2025-46700 · Unknown · Tuleap Community Edition+2

Published: 2025-11-12 · Updated: 2025-11-12 · CVE-2025-64117

CVSS v3.1: 4.6 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Tuleap Community Edition versions prior to 16.13.99.1761813675
Tuleap Enterprise Edition versions prior to 16.13-5 and 16.12-8

Description

Tuleap lacks cross-site request forgery (CSRF) protection in the management of Subversion (SVN) commit rules and immutable tags. An attacker could exploit this to trick users into modifying the commit rules or immutable tags of an SVN repository. Cross-site request forgery is a type of web security flaw that allows an attacker to induce a user to perform actions on a web application in which they are currently authenticated.

Recommendations

Tuleap Community Edition versions prior to 16.13.99.1761813675 should be updated to version 16.13.99.1761813675 or later.
Tuleap Enterprise Edition versions prior to 16.13-5 should be updated to version 16.13-5 or later.
Tuleap Enterprise Edition versions prior to 16.12-8 should be updated to version 16.12-8 or later.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-64117
GHSA-P2F7-QW8P-F2P7

Affected Products

Subversion
Tuleap Community Edition
Tuleap Enterprise Edition