Cross-Site Request Forgery Vulnerability in Tuleap Open Source Suite
CVE-2025-64117
What is CVE-2025-64117?
Tuleap, the collaborative open-source software development suite, is susceptible to a cross-site request forgery vulnerability affecting its management of SVN commit rules and immutable tags. This flaw allows an attacker to manipulate commit rules or tags, posing a serious risk to project integrity. To mitigate this, users are encouraged to upgrade to Tuleap Community Edition version 16.13.99.1761813675 or Tuleap Enterprise Edition versions 16.13-5 and 16.12-8, which include the necessary security fixes.
Affected Version(s)
Tuleap Community Edition: < 16.13.99.1761813675
Tuleap Enterprise Edition: < 16.13-5
Tuleap Enterprise Edition: < 16.12-8
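
A version check against the fixed releases listed above, added here as an example; it is not part of the advisory or of the Tuleap project. The function names, the edition labels and the treatment of Enterprise branches the page does not name are assumptions. It shows why Enterprise versions have to be compared per branch: a plain ordering would flag a patched 16.12 release as older than 16.13-5.

```python
import re

# Fixed releases as stated in the advisory text above.
CE_FIXED = (16, 13, 99, 1761813675)
# Enterprise Edition: release branch -> first patch level carrying the fix.
EE_FIXED = {(16, 13): 5, (16, 12): 8}


def parse_ce(version):
    """Parse a Community Edition version such as '16.13.99.1761813675'."""
    if not re.fullmatch(r"\d+(\.\d+)+", version):
        raise ValueError(f"unrecognised Community Edition version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def parse_ee(version):
    """Parse an Enterprise Edition version such as '16.13-5' into (branch, patch)."""
    match = re.fullmatch(r"(\d+)\.(\d+)-(\d+)", version)
    if not match:
        raise ValueError(f"unrecognised Enterprise Edition version: {version!r}")
    major, minor, patch = (int(group) for group in match.groups())
    return (major, minor), patch


def is_affected(edition, version):
    """Return True when the version predates the fix for CVE-2025-64117."""
    edition = edition.lower()
    if edition == "community":
        return parse_ce(version) < CE_FIXED
    if edition == "enterprise":
        branch, patch = parse_ee(version)
        if branch in EE_FIXED:
            # Compare only within the branch, so 16.12-9 is not
            # mistaken for "older than 16.13-5".
            return patch < EE_FIXED[branch]
        # Assumption (not stated on the page): branches older than the
        # oldest fixed branch got no backport; newer branches ship the fix.
        return branch < min(EE_FIXED)
    raise ValueError(f"unknown edition: {edition!r}")
```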
