Code Injection Vulnerability in Tuleap Community and Enterprise Editions
CVE-2025-53541

5.4 MEDIUM

Key Information:

Vendor: Enalean

Status
Vendor
CVE Published: 29 July 2025

What is CVE-2025-53541?

A code injection vulnerability exists in the Tuleap platform, affecting both the Community and Enterprise Editions. A malicious user with limited control over specific artifacts can exploit this flaw to inject code that is executed when child artifacts are displayed. Users are advised to upgrade to a patched version (Tuleap Community Edition 16.9.99.1751892857, or Tuleap Enterprise Edition 16.8-5 or 16.9-3) to mitigate the risk associated with this vulnerability.

Affected Version(s)

  • Tuleap Community Edition < 16.9.99.1751892857

  • Tuleap Enterprise Edition >= 16.9, < 16.9-3

  • Tuleap Enterprise Edition < 16.8-5

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved