CVE-2025-64499

EPSS 0.02%
Veröffentlicht 08.12.2025 22:44:29
Zuletzt bearbeitet 10.12.2025 21:03:51
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Enalean ≫ Tuleap SwEditionenterprise Version < 16.12-10

Enalean ≫ Tuleap SwEditioncommunity Version < 17.0.99.1762456922

Enalean ≫ Tuleap SwEditionenterprise Version >= 16.13 < 16.13-7

Enalean ≫ Tuleap SwEditionenterprise Version >= 17.0 < 17.0-2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
security-advisories@github.com	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/Enalean/tuleap/security/advisories/GHSA-9h47-jg7r-ww7x

Vendor Advisory

https://github.com/Enalean/tuleap/commit/1734a7bb2964042310ddc3f6dd7b4c82eee27526

Patch

https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=1734a7bb2964042310ddc3f6dd7b4c82eee27526

Patch

Broken Link

https://tuleap.net/plugins/tracker/?aid=45592

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-64499

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64499

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64499

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-64499