CVE-2025-54877
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-29

Last updated on: 2025-09-03

Assigner: GitHub, Inc.

Description
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition versions before 16.9-8 and before 16.10-5, an attacker can access to the content of the special and always there fields of accessible artifacts even if the permissions associated with the underlying fields do not allow it. This issue has been fixed in Tuleap Community Edition version 16.10.99.1754050155 and Tuleap Enterprise Edition versions 16.9-8 and 16.10-5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-29
Last Modified
2025-09-03
Generated
2026-06-16
AI Q&A
2025-08-29
EPSS Evaluated
2026-06-14
NVD
CVE-2025-54877
EUVD
EUVD-2025-28572
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
enalean tuleap to 16.9-8 (exc)
enalean tuleap to 16.10.99.1754050155 (exc)
enalean tuleap From 16.10 (inc) to 16.10-5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-54877 is a moderate severity vulnerability in Tuleap software where permissions for certain special fields called "special" and "always there" fields are not properly checked during cross-tracker searches. This flaw allows an attacker to access the content of these fields in accessible artifacts even if the permissions on the underlying fields should prevent such access. The issue arises from incorrect authorization checks that fail to enforce intended access restrictions, enabling unauthorized read access to sensitive data without requiring any authentication or user interaction. [1, 2]

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information contained in the special and always-present fields of artifacts within Tuleap. An attacker can remotely access this data without any privileges or user interaction, potentially exposing confidential information related to software development and collaboration projects. Although the impact is limited to confidentiality and does not affect integrity or availability, unauthorized data exposure can lead to privacy concerns and information leakage. [1, 2]

Mitigation Strategies

To mitigate CVE-2025-54877, immediately upgrade Tuleap Community Edition to version 16.10.99.1754050155 or later, or Tuleap Enterprise Edition to versions 16.9-8 or 16.10-5 or later. These versions include the patch that properly enforces permission checks on the special and always-present fields to prevent unauthorized access. Applying the official patch from Tuleap's repository (commit b0c1328f96135ee6a3f84d0847be5f843eafa590) is also recommended if upgrading is not immediately possible. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54877. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart