PT-2025-46724 · Unknown · Subversion+2
Published: 2025-11-12 · Updated: 2025-11-13
CVE-2025-64482
CVSS v3.1: 4.6 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Tuleap Community Edition versions prior to 16.13.99.1762267347
Tuleap Enterprise Edition versions prior to 17.01
Tuleap Enterprise Edition versions prior to 16.13-6
Tuleap Enterprise Edition versions prior to 16.12-9
Description
Tuleap is an open source suite designed to improve software development management and collaboration. The file release system lacks cross-site request forgery (CSRF) protections. An attacker could exploit this to trick users into modifying commit rules or immutable tags within a Subversion repository. The affected functionality involves manipulating SVN repositories.
Recommendations
Update Tuleap Community Edition to version 16.13.99.1762267347 or later.
Update Tuleap Enterprise Edition to version 17.01 or later.
Update Tuleap Enterprise Edition to version 16.13-6 or later.
Update Tuleap Enterprise Edition to version 16.12-9 or later.
CSRF
Affected Products
Subversion
Tuleap Community Edition
Tuleap Enterprise Edition