Remote Code Execution Vulnerability in Taiga Project Management Platform
CVE-2025-62368

9.1CRITICAL

Key Information:

Vendor: Taigaio
Status: Taiga-back
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-62368?

The Taiga project management platform, in versions up to and including 6.8.3, is susceptible to a remote code execution vulnerability due to unsafe deserialization of untrusted data in the Taiga API. This security flaw allows an attacker to execute arbitrary code remotely, potentially compromising the system. Users are strongly advised to update to version 6.9.0 or later to mitigate the risk associated with this vulnerability. For more detailed information, visit the official advisory on GitHub.

Affected Version(s)

taiga-back < 6.9.0

References

https://github.com/taigaio/taiga-back/security/advisories...

x_refsource_CONFIRM

EPSS Score

64% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Oct 10, 2025

CVE-2025-62368 Data

JSON

Taigaio

What is CVE-2025-62368?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline