Vulnerability Details CVE-2025-64497
Tuleap is an Open Source Suite for management of software development and collaboration. Versions below 17.0.99.1762431347 of Tuleap Community Edition and Tuleap Enterprise Edition below 17.0-2, 16.13-7 and 16.12-10 allow attackers to access file release system information in projects they do not have access to. This issue is fixed in version 17.0.99.1762431347 of the Tuleap Community Edition and versions 17.0-2, 16.13-7 and 16.12-10 of Tuleap Enterprise Edition.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.3%
CVSS Severity
CVSS v3 Score 6.5
References
- https://github.com/Enalean/tuleap/commit/403eb69f4cfafe52254c8f9bdbe66e1fedadc254
- https://github.com/Enalean/tuleap/security/advisories/GHSA-v6vm-6rxf-7p2v
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=403eb69f4cfafe52254c8f9bdbe66e1fedadc254
- https://tuleap.net/plugins/tracker/?aid=45583
Products affected by CVE-2025-64497
-
cpe:2.3:a:enalean:tuleap:*
-
cpe:2.3:a:enalean:tuleap:-
-
cpe:2.3:a:enalean:tuleap:11.15-1
-
cpe:2.3:a:enalean:tuleap:11.15-8
-
cpe:2.3:a:enalean:tuleap:11.16-1
-
cpe:2.3:a:enalean:tuleap:11.16-6
-
cpe:2.3:a:enalean:tuleap:11.16-7
-
cpe:2.3:a:enalean:tuleap:11.16.99.173
-
cpe:2.3:a:enalean:tuleap:11.17-1
-
cpe:2.3:a:enalean:tuleap:11.17-5
-
cpe:2.3:a:enalean:tuleap:11.17.99.144
-
cpe:2.3:a:enalean:tuleap:11.17.99.146
-
cpe:2.3:a:enalean:tuleap:12.10
-
cpe:2.3:a:enalean:tuleap:12.11-2
-
cpe:2.3:a:enalean:tuleap:12.9.99.228
-
cpe:2.3:a:enalean:tuleap:13.12-6
-
cpe:2.3:a:enalean:tuleap:13.6-5
-
cpe:2.3:a:enalean:tuleap:13.7-1
-
cpe:2.3:a:enalean:tuleap:13.7-4
-
cpe:2.3:a:enalean:tuleap:13.7.99.239
-
cpe:2.3:a:enalean:tuleap:13.8.99.49
-
cpe:2.3:a:enalean:tuleap:14.0
-
cpe:2.3:a:enalean:tuleap:14.0-3
-
cpe:2.3:a:enalean:tuleap:14.0.99.24
-
cpe:2.3:a:enalean:tuleap:14.10
-
cpe:2.3:a:enalean:tuleap:14.10-2
-
cpe:2.3:a:enalean:tuleap:14.10.99.4
-
cpe:2.3:a:enalean:tuleap:14.11.99.34
-
cpe:2.3:a:enalean:tuleap:14.12-1
-
cpe:2.3:a:enalean:tuleap:14.12-6
-
cpe:2.3:a:enalean:tuleap:14.4-7
-
cpe:2.3:a:enalean:tuleap:14.5
-
cpe:2.3:a:enalean:tuleap:14.5-2
-
cpe:2.3:a:enalean:tuleap:14.5.99.4
-
cpe:2.3:a:enalean:tuleap:14.7-7
-
cpe:2.3:a:enalean:tuleap:14.7.99.143
-
cpe:2.3:a:enalean:tuleap:14.7.99.76
-
cpe:2.3:a:enalean:tuleap:14.8
-
cpe:2.3:a:enalean:tuleap:14.8-3
-
cpe:2.3:a:enalean:tuleap:14.8.99.60
-
cpe:2.3:a:enalean:tuleap:14.9-5
-
cpe:2.3:a:enalean:tuleap:15.0-1
-
cpe:2.3:a:enalean:tuleap:15.0-9
-
cpe:2.3:a:enalean:tuleap:15.1-1
-
cpe:2.3:a:enalean:tuleap:15.1-8
-
cpe:2.3:a:enalean:tuleap:15.1-9
-
cpe:2.3:a:enalean:tuleap:15.10
-
cpe:2.3:a:enalean:tuleap:15.10-6
-
cpe:2.3:a:enalean:tuleap:15.10.99.128
-
cpe:2.3:a:enalean:tuleap:15.2
-
cpe:2.3:a:enalean:tuleap:15.2-1
-
cpe:2.3:a:enalean:tuleap:15.2-4
-
cpe:2.3:a:enalean:tuleap:15.2-5
-
cpe:2.3:a:enalean:tuleap:15.2.99.103
-
cpe:2.3:a:enalean:tuleap:15.2.99.49
-
cpe:2.3:a:enalean:tuleap:15.3-1
-
cpe:2.3:a:enalean:tuleap:15.3-6
-
cpe:2.3:a:enalean:tuleap:15.3.5
-
cpe:2.3:a:enalean:tuleap:15.4-1
-
cpe:2.3:a:enalean:tuleap:15.4-7
-
cpe:2.3:a:enalean:tuleap:15.4-8
-
cpe:2.3:a:enalean:tuleap:15.4.99.140
-
cpe:2.3:a:enalean:tuleap:15.5
-
cpe:2.3:a:enalean:tuleap:15.5-1
-
cpe:2.3:a:enalean:tuleap:15.5-4
-
cpe:2.3:a:enalean:tuleap:15.5-6
-
cpe:2.3:a:enalean:tuleap:15.5.99.76
-
cpe:2.3:a:enalean:tuleap:15.6-1
-
cpe:2.3:a:enalean:tuleap:15.6-5
-
cpe:2.3:a:enalean:tuleap:15.7-1
-
cpe:2.3:a:enalean:tuleap:15.7.99.6
-
cpe:2.3:a:enalean:tuleap:15.8-5
-
cpe:2.3:a:enalean:tuleap:15.9
-
cpe:2.3:a:enalean:tuleap:15.9-3
-
cpe:2.3:a:enalean:tuleap:15.9-8
-
cpe:2.3:a:enalean:tuleap:15.9.99.97
-
cpe:2.3:a:enalean:tuleap:16.0-7
-
cpe:2.3:a:enalean:tuleap:16.1
-
cpe:2.3:a:enalean:tuleap:16.1-4
-
cpe:2.3:a:enalean:tuleap:16.1.99.50
-
cpe:2.3:a:enalean:tuleap:16.10
-
cpe:2.3:a:enalean:tuleap:16.10-5
-
cpe:2.3:a:enalean:tuleap:16.10.99.1754050155
-
cpe:2.3:a:enalean:tuleap:16.2-5
-
cpe:2.3:a:enalean:tuleap:16.2-7
-
cpe:2.3:a:enalean:tuleap:16.3
-
cpe:2.3:a:enalean:tuleap:16.3-10
-
cpe:2.3:a:enalean:tuleap:16.3-11
-
cpe:2.3:a:enalean:tuleap:16.3-2
-
cpe:2.3:a:enalean:tuleap:16.3-5
-
cpe:2.3:a:enalean:tuleap:16.3-9
-
cpe:2.3:a:enalean:tuleap:16.3.99.1736242932
-
cpe:2.3:a:enalean:tuleap:16.3.99.1737562605
-
cpe:2.3:a:enalean:tuleap:16.4
-
cpe:2.3:a:enalean:tuleap:16.4-10
-
cpe:2.3:a:enalean:tuleap:16.4-4
-
cpe:2.3:a:enalean:tuleap:16.4-5
-
cpe:2.3:a:enalean:tuleap:16.4-6
-
cpe:2.3:a:enalean:tuleap:16.4-8
-
cpe:2.3:a:enalean:tuleap:16.4.99.1739877910
-
cpe:2.3:a:enalean:tuleap:16.4.99.1740067916
-
cpe:2.3:a:enalean:tuleap:16.4.99.1740414959
-
cpe:2.3:a:enalean:tuleap:16.4.99.1740492866
-
cpe:2.3:a:enalean:tuleap:16.4.99.1740498975
-
cpe:2.3:a:enalean:tuleap:16.4.99.1740567344
-
cpe:2.3:a:enalean:tuleap:16.5
-
cpe:2.3:a:enalean:tuleap:16.5-3
-
cpe:2.3:a:enalean:tuleap:16.5-5
-
cpe:2.3:a:enalean:tuleap:16.5-6
-
cpe:2.3:a:enalean:tuleap:16.5.99.1741784483
-
cpe:2.3:a:enalean:tuleap:16.5.99.1742306712
-
cpe:2.3:a:enalean:tuleap:16.5.99.1742392651
-
cpe:2.3:a:enalean:tuleap:16.5.99.1742562878
-
cpe:2.3:a:enalean:tuleap:16.5.99.1742812323
-
cpe:2.3:a:enalean:tuleap:16.7-5
-
cpe:2.3:a:enalean:tuleap:16.8
-
cpe:2.3:a:enalean:tuleap:16.8-3
-
cpe:2.3:a:enalean:tuleap:16.8-4
-
cpe:2.3:a:enalean:tuleap:16.8-5
-
cpe:2.3:a:enalean:tuleap:16.8-6
-
cpe:2.3:a:enalean:tuleap:16.8.99.1748845907
-
cpe:2.3:a:enalean:tuleap:16.8.99.1749830289
-
cpe:2.3:a:enalean:tuleap:16.9
-
cpe:2.3:a:enalean:tuleap:16.9-1
-
cpe:2.3:a:enalean:tuleap:16.9-2
-
cpe:2.3:a:enalean:tuleap:16.9-3
-
cpe:2.3:a:enalean:tuleap:16.9-5
-
cpe:2.3:a:enalean:tuleap:16.9-8
-
cpe:2.3:a:enalean:tuleap:16.9.99.1750843170
-
cpe:2.3:a:enalean:tuleap:16.9.99.1751892857
-
cpe:2.3:a:enalean:tuleap:16.9.99.1752585665