CVE-2025-64482
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: GitHub, Inc.

Description
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap Community Edition prior to version 16.13.99.1762267347 and Tuleap Enterprise Edition prior to versions 17.01-, 16.13-6, and 16.12-9 don't have cross-site request forgery protections in the file release system. An attacker could use this vulnerability to trick victims into changing the commit rules or immutable tags of a SVN repo. Tuleap Community Edition 16.13.99.1762267347, Tuleap Enterprise Edition 17.0-1, Tuleap Enterprise Edition 16.13-6, and Tuleap Enterprise Edition 16.12-9 fix the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-13
EPSS Evaluated
2026-06-14
NVD
CVE-2025-64482
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
tuleap tuleap_enterprise_edition 17.0-1
tuleap tuleap_enterprise_edition 16.13-6
tuleap tuleap_community_edition 16.13.99.1762267347
tuleap tuleap_enterprise_edition 16.12-9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a lack of cross-site request forgery (CSRF) protections in the file release system of Tuleap software versions prior to certain fixed releases. An attacker could exploit this by tricking a victim into performing unauthorized actions, such as changing commit rules or immutable tags in a SVN repository managed by Tuleap.

Impact Analysis

The vulnerability could allow an attacker to manipulate SVN repository settings without authorization, potentially altering commit rules or immutable tags. This could lead to unauthorized changes in the software development process, impacting the integrity and reliability of the codebase.

Mitigation Strategies

Upgrade Tuleap Community Edition to version 16.13.99.1762267347 or later, or Tuleap Enterprise Edition to versions 17.0-1, 16.13-6, or 16.12-9 or later, as these versions include fixes for the cross-site request forgery vulnerability in the file release system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64482. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart