CVE-2025-64497

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tuleap Community Edition versions prior to 17.0.99.1762431347 Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7, and 16.12-10

Description Tuleap is an Open Source Suite for management of software development and collaboration. Insufficient access controls in versions below 17.0.99.1762431347 of Tuleap Community Edition and below 17.0-2, 16.13-7 and 16.12-10 of Tuleap Enterprise Edition allow attackers to access file release system information in projects to which they do not have authorized access.

Recommendations Update Tuleap Community Edition to version 17.0.99.1762431347 or later. Update Tuleap Enterprise Edition to version 17.0-2, 16.13-7, or 16.12-10 or later.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2025-64497

GHSA-V6VM-6RXF-7P2V

Affected Products

Tuleap Community Edition

Tuleap Enterprise Edition

CVE-2025-64497

Weakness Enumeration

Related Identifiers

Affected Products

References · 9