PT-2025-9689 · Tuleap · Tuleap

Marie Ange Garnier

Published

2025-03-04

Updated

2025-03-05

CVE-2025-27401

CVSS v3.1

4.6

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Tuleap versions prior to 16.4.99.1740498975 (Community Edition) Tuleap Enterprise Edition versions prior to 16.4-6 and 16.3-11

Description The issue has a limited impact in standard usage, mostly resulting in dangling data. However, a malicious user with access to one tracker could create and delete reports multiple times, cycling through all filters of all reports and deleting them, leading to the loss of all criteria filters. This would force users and tracker admins to re-create them.

Recommendations For Tuleap Community Edition versions prior to 16.4.99.1740498975, update to version 16.4.99.1740498975 or later. For Tuleap Enterprise Edition versions prior to 16.4-6, update to version 16.4-6 or later. For Tuleap Enterprise Edition version 16.3, update to version 16.3-11 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-440

Related Identifiers

CVE-2025-27401

GHSA-3RJF-87RF-H8M9

Affected Products

Tuleap

PT-2025-9689 · Tuleap · Tuleap

CVE-2025-27401

Weakness Enumeration

Related Identifiers

Affected Products

References · 8