CVE-2025-62368
BaseFortify
Publication date: 2025-10-28
Last updated on: 2025-10-30
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| taiga | taiga | 6.8.3 |
| taiga | taiga | 6.9.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Taiga, an open source project management platform, exists in versions 6.8.3 and earlier. It is a remote code execution vulnerability caused by unsafe deserialization of untrusted data in the Taiga API. This means that an attacker could potentially execute arbitrary code on the server by sending specially crafted data to the API. The issue is fixed in version 6.9.0.
How can this vulnerability impact me?
The vulnerability allows remote code execution, which means an attacker could gain control over the affected system, potentially leading to full compromise. This can result in unauthorized access, data theft, data modification, service disruption, or further attacks within the network.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Taiga to version 6.9.0 or later, as this version contains the fix for the remote code execution vulnerability caused by unsafe deserialization of untrusted data.