Time-Based Blind SQL Injection Vulnerability in Taiga Project Management Platform
CVE-2025-62367
4.8 MEDIUM
What is CVE-2025-62367?
The Taiga API, used by the open source project management platform Taiga, is vulnerable to time-based blind SQL injection in versions up to 6.8.3. An attacker can exploit the response timing of the API, potentially exposing sensitive data. The issue is fixed in version 6.9.0, so affected deployments should be updated to that release.
Affected Version(s)
taiga-back < 6.9.0
