PT-2025-49608 · Tuleap · Tuleap

Published: 2025-12-08 · Updated: 2025-12-08 · CVE-2025-64760

CVSS v3.1: 4.6 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Tuleap versions prior to 17.0.99.1763126988
Tuleap versions prior to 17.0-3
Tuleap versions prior to 16.13-8

Description

Tuleap, a free and open source suite for software development and collaboration, is affected by missing Cross-Site Request Forgery (CSRF) protections. This allows attackers to create or remove tracker triggers.

Recommendations

Update Tuleap Community Edition to version 17.0.99.1763126988.
Update Tuleap Enterprise Edition to version 17.0-3.
Update Tuleap Enterprise Edition to version 16.13-8.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-64760
GHSA-F2XV-X3G6-4J9P

Affected Products

Tuleap