Vulnerability in Tuleap Community and Enterprise Editions Affecting Software Management
CVE-2025-48991

4.6 MEDIUM

Key Information:

Vendor: Enalean

Status
Vendor
CVE Published: 25 June 2025

What is CVE-2025-48991?

An input validation vulnerability in Tuleap allows an attacker to trick users into altering canned responses. The flaw exists in Tuleap Community Edition versions prior to 16.8.99.1748845907 and in Tuleap Enterprise Edition versions prior to 16.8-3 and 16.7-5. The security fix provided in these updates addresses the issue.

Affected Version(s)

tuleap < 16.8.99.1748845907

tuleap < 16.8-3

tuleap < 16.7-5

References

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
