CVE-2025-64117
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-12
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tuleap | tuleap | 16.13.99.1761813675 |
| tuleap | tuleap | 16.12-8 |
| tuleap | tuleap | 16.13-5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a lack of cross-site request forgery (CSRF) protection in Tuleap's management of SVN commit rules and immutable tags. An attacker could exploit this by tricking a user into making unauthorized changes to the commit rules or immutable tags of an SVN repository.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to manipulate SVN commit rules or immutable tags without authorization, potentially leading to unauthorized changes in the software development process, which may affect the integrity and reliability of the codebase.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Tuleap Community Edition to version 16.13.99.1761813675 or later, or Tuleap Enterprise Edition to versions 16.13-5, 16.12-8 or later, as these versions contain the fix for the cross-site request forgery vulnerability in the management of SVN commit rules and immutable tags.