CVE-2025-64498
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-08

Last updated on: 2025-12-10

Assigner: GitHub, Inc.

Description
Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-08
Last Modified
2025-12-10
Generated
2026-06-16
AI Q&A
2025-12-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64498
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
tuleap tuleap_enterprise_edition *
tuleap tuleap_community_edition *
enalean tuleap to 16.12-10 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Tuleap (both Community and Enterprise Editions) allows attackers to trick victims into changing tracker general settings. Essentially, an attacker can manipulate a user to alter configuration settings of trackers within the software, potentially without proper authorization. This issue affects versions prior to the fixed releases mentioned.

Impact Analysis

The impact of this vulnerability is that an attacker could cause unauthorized changes to tracker general settings, which may lead to integrity issues or availability problems within the software development management environment. According to the CVSS score, the impact on confidentiality is none, but there is a low impact on integrity and availability.

Mitigation Strategies

To mitigate this vulnerability, upgrade Tuleap Community Edition to version 17.0.99.1762444754 or later, or Tuleap Enterprise Edition to versions 17.0-2, 16.13-7, or 16.12-10 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64498. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart