Data Manipulation Vulnerability in Tuleap by Enalean
CVE-2025-27401

4.6MEDIUM

Key Information:

Vendor

Enalean

Status
Tuleap
Vendor
CVE Published:
4 March 2025

What is CVE-2025-27401?

A data manipulation vulnerability in Tuleap allows authorized users to create and delete reports repeatedly. This action can lead to the unintended deletion of critical filters across instances, forcing users and tracker administrators to restore them manually. While this issue typically results in limited impact, it can disrupt workflow and data management in environments where users rely on specific criteria filters for tracking and reporting.

Affected Version(s)

tuleap < 16.4.99.1740498975

References

https://github.com/Enalean/tuleap/security/advisories/GHS...
x_refsource_CONFIRM
https://github.com/Enalean/tuleap/commit/0070fef5c3b27fd4...
x_refsource_MISC
https://tuleap.net/plugins/tracker/?aid=41850
x_refsource_MISC

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.