Access Control Weakness in Tuleap Open Source Suite by Enalean
CVE-2025-54877

5.3 MEDIUM

Key Information:

Vendor: Enalean

Status
Vendor
CVE Published: 29 August 2025

What is CVE-2025-54877?

In Tuleap, an open-source suite for software development management, an access control vulnerability exists that allows attackers to view sensitive content in artifacts regardless of their permission settings. The issue affects Tuleap Community Edition and Enterprise Edition versions earlier than the fixed releases listed under Affected Version(s), and it has been addressed in the latest releases.

Affected Version(s)

Tuleap Community Edition < 16.10.99.1754050155

Tuleap Enterprise Edition < 16.10-5

Tuleap Enterprise Edition < 16.9-8

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
