CVE-2025-53902
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-29

Last updated on: 2025-08-22

Assigner: GitHub, Inc.

Description
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts that they are not authorized to view. This is fixed in Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-29
Last Modified
2025-08-22
Generated
2026-05-07
AI Q&A
2025-07-29
EPSS Evaluated
2026-05-05
NVD
CVE-2025-53902
EUVD
EUVD-2025-23039
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
enalean tuleap to 16.8-6 (exc)
enalean tuleap to 16.9.99.1752585665 (exc)
enalean tuleap From 16.9 (inc) to 16.9-5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-53902 is a moderate severity vulnerability in Tuleap software where users mentioned in email notifications about artifacts may gain unauthorized access to confidential information contained in those artifacts. This happens because the system sends email notifications including artifact content to mentioned users without properly checking if they have permission to view the artifact. The flaw is due to improper authorization (CWE-863) and allows bypassing access restrictions through email notifications. [1, 2]


How can this vulnerability impact me? :

This vulnerability can lead to unauthorized disclosure of confidential information to users who should not have access to certain artifacts. If an attacker or unauthorized user is mentioned in an artifact comment, they may receive an email containing sensitive artifact content, potentially exposing confidential data. The impact is limited to confidentiality with no effect on integrity or availability, but it can compromise sensitive information security. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

To mitigate CVE-2025-53902, immediately upgrade Tuleap Community Edition to version 16.9.99.1752585665 or later, or Tuleap Enterprise Edition to versions 16.8-6 or 16.9-5 or later. This update contains the fix that prevents unauthorized users from receiving confidential artifact content in email notifications when mentioned. Additionally, review and restrict user permissions related to artifact access and mentions until the patch is applied. [1, 2, 3]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart