CVE-2025-22129

Exploit

EPSS 0.11%
Veröffentlicht 03.02.2025 22:15:28
Zuletzt bearbeitet 22.08.2025 16:19:54
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Enalean ≫ Tuleap SwEditionenterprise Version < 16.2-5

Enalean ≫ Tuleap SwEditioncommunity Version < 16.3.99.1736242932

Enalean ≫ Tuleap SwEditionenterprise Version >= 16.3 < 16.3-2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.299

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-280 Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

https://github.com/Enalean/tuleap/security/advisories/GHSA-f34g-wc2m-mf76

Patch

Third Party Advisory

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=3edf8158ba40be66f0b661888b8b2805784795d1

Permissions Required

https://tuleap.net/plugins/tracker/?aid=41434

Patch

Vendor Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-22129

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-22129

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-22129

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-22129