Vulnerability Details CVE-2025-48991
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into changing the canned responses. Tuleap Community Edition 16.8.99.1748845907, Tuleap Enterprise Edition 16.8-3, and Tuleap Enterprise Edition 16.7-5 contain a fix for the vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.8%
CVSS Severity
CVSS v3 Score 4.6
References
- https://github.com/Enalean/tuleap/commit/cbf9b2a38e33dfd755dc2ccf074126b598a78274
- https://github.com/Enalean/tuleap/security/advisories/GHSA-px9r-875r-w534
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=cbf9b2a38e33dfd755dc2ccf074126b598a78274
- https://tuleap.net/plugins/tracker/?aid=43326
Products affected by CVE-2025-48991
-
cpe:2.3:a:enalean:tuleap:-
-
cpe:2.3:a:enalean:tuleap:11.15-1
-
cpe:2.3:a:enalean:tuleap:11.15-8
-
cpe:2.3:a:enalean:tuleap:11.16-1
-
cpe:2.3:a:enalean:tuleap:11.16-6
-
cpe:2.3:a:enalean:tuleap:11.16-7
-
cpe:2.3:a:enalean:tuleap:11.16.99.173
-
cpe:2.3:a:enalean:tuleap:11.17-1
-
cpe:2.3:a:enalean:tuleap:11.17-5
-
cpe:2.3:a:enalean:tuleap:11.17.99.144
-
cpe:2.3:a:enalean:tuleap:11.17.99.146
-
cpe:2.3:a:enalean:tuleap:12.10
-
cpe:2.3:a:enalean:tuleap:12.11-2
-
cpe:2.3:a:enalean:tuleap:12.9.99.228
-
cpe:2.3:a:enalean:tuleap:13.12-6
-
cpe:2.3:a:enalean:tuleap:13.6-5
-
cpe:2.3:a:enalean:tuleap:13.7-1
-
cpe:2.3:a:enalean:tuleap:13.7-4
-
cpe:2.3:a:enalean:tuleap:13.7.99.239
-
cpe:2.3:a:enalean:tuleap:13.8.99.49
-
cpe:2.3:a:enalean:tuleap:14.0
-
cpe:2.3:a:enalean:tuleap:14.0-3
-
cpe:2.3:a:enalean:tuleap:14.0.99.24
-
cpe:2.3:a:enalean:tuleap:14.10
-
cpe:2.3:a:enalean:tuleap:14.10-2
-
cpe:2.3:a:enalean:tuleap:14.10.99.4
-
cpe:2.3:a:enalean:tuleap:14.11.99.34
-
cpe:2.3:a:enalean:tuleap:14.12-1
-
cpe:2.3:a:enalean:tuleap:14.12-6
-
cpe:2.3:a:enalean:tuleap:14.4-7
-
cpe:2.3:a:enalean:tuleap:14.5
-
cpe:2.3:a:enalean:tuleap:14.5-2
-
cpe:2.3:a:enalean:tuleap:14.5.99.4
-
cpe:2.3:a:enalean:tuleap:14.7-7
-
cpe:2.3:a:enalean:tuleap:14.7.99.143
-
cpe:2.3:a:enalean:tuleap:14.7.99.76
-
cpe:2.3:a:enalean:tuleap:14.8
-
cpe:2.3:a:enalean:tuleap:14.8-3
-
cpe:2.3:a:enalean:tuleap:14.8.99.60
-
cpe:2.3:a:enalean:tuleap:14.9-5
-
cpe:2.3:a:enalean:tuleap:15.0-1
-
cpe:2.3:a:enalean:tuleap:15.0-9
-
cpe:2.3:a:enalean:tuleap:15.1-1
-
cpe:2.3:a:enalean:tuleap:15.1-8
-
cpe:2.3:a:enalean:tuleap:15.1-9
-
cpe:2.3:a:enalean:tuleap:15.10
-
cpe:2.3:a:enalean:tuleap:15.10-6
-
cpe:2.3:a:enalean:tuleap:15.10.99.128
-
cpe:2.3:a:enalean:tuleap:15.2
-
cpe:2.3:a:enalean:tuleap:15.2-1
-
cpe:2.3:a:enalean:tuleap:15.2-4
-
cpe:2.3:a:enalean:tuleap:15.2-5
-
cpe:2.3:a:enalean:tuleap:15.2.99.103
-
cpe:2.3:a:enalean:tuleap:15.2.99.49
-
cpe:2.3:a:enalean:tuleap:15.3-1
-
cpe:2.3:a:enalean:tuleap:15.3-6
-
cpe:2.3:a:enalean:tuleap:15.3.5
-
cpe:2.3:a:enalean:tuleap:15.4-1
-
cpe:2.3:a:enalean:tuleap:15.4-7
-
cpe:2.3:a:enalean:tuleap:15.4-8
-
cpe:2.3:a:enalean:tuleap:15.4.99.140
-
cpe:2.3:a:enalean:tuleap:15.5
-
cpe:2.3:a:enalean:tuleap:15.5-1
-
cpe:2.3:a:enalean:tuleap:15.5-4
-
cpe:2.3:a:enalean:tuleap:15.5-6
-
cpe:2.3:a:enalean:tuleap:15.5.99.76
-
cpe:2.3:a:enalean:tuleap:15.6-1
-
cpe:2.3:a:enalean:tuleap:15.6-5
-
cpe:2.3:a:enalean:tuleap:15.7-1
-
cpe:2.3:a:enalean:tuleap:15.7.99.6
-
cpe:2.3:a:enalean:tuleap:15.8-5
-
cpe:2.3:a:enalean:tuleap:15.9
-
cpe:2.3:a:enalean:tuleap:15.9-3
-
cpe:2.3:a:enalean:tuleap:15.9-8
-
cpe:2.3:a:enalean:tuleap:15.9.99.97
-
cpe:2.3:a:enalean:tuleap:16.0-7
-
cpe:2.3:a:enalean:tuleap:16.1
-
cpe:2.3:a:enalean:tuleap:16.1-4
-
cpe:2.3:a:enalean:tuleap:16.1.99.50
-
cpe:2.3:a:enalean:tuleap:16.2-5
-
cpe:2.3:a:enalean:tuleap:16.2-7
-
cpe:2.3:a:enalean:tuleap:16.3
-
cpe:2.3:a:enalean:tuleap:16.3-10
-
cpe:2.3:a:enalean:tuleap:16.3-11
-
cpe:2.3:a:enalean:tuleap:16.3-2
-
cpe:2.3:a:enalean:tuleap:16.3-5
-
cpe:2.3:a:enalean:tuleap:16.3-9
-
cpe:2.3:a:enalean:tuleap:16.3.99.1736242932
-
cpe:2.3:a:enalean:tuleap:16.3.99.1737562605
-
cpe:2.3:a:enalean:tuleap:16.4
-
cpe:2.3:a:enalean:tuleap:16.4-10
-
cpe:2.3:a:enalean:tuleap:16.4-4
-
cpe:2.3:a:enalean:tuleap:16.4-5
-
cpe:2.3:a:enalean:tuleap:16.4-6
-
cpe:2.3:a:enalean:tuleap:16.4-8
-
cpe:2.3:a:enalean:tuleap:16.4.99.1739877910
-
cpe:2.3:a:enalean:tuleap:16.4.99.1740067916
-
cpe:2.3:a:enalean:tuleap:16.4.99.1740414959
-
cpe:2.3:a:enalean:tuleap:16.4.99.1740492866
-
cpe:2.3:a:enalean:tuleap:16.4.99.1740498975
-
cpe:2.3:a:enalean:tuleap:16.4.99.1740567344
-
cpe:2.3:a:enalean:tuleap:16.5
-
cpe:2.3:a:enalean:tuleap:16.5-3
-
cpe:2.3:a:enalean:tuleap:16.5-5
-
cpe:2.3:a:enalean:tuleap:16.5-6
-
cpe:2.3:a:enalean:tuleap:16.5.99.1741784483
-
cpe:2.3:a:enalean:tuleap:16.5.99.1742306712
-
cpe:2.3:a:enalean:tuleap:16.5.99.1742392651
-
cpe:2.3:a:enalean:tuleap:16.5.99.1742562878
-
cpe:2.3:a:enalean:tuleap:16.5.99.1742812323
-
cpe:2.3:a:enalean:tuleap:16.8