Cross-Site Request Forgery Vulnerability in Tuleap Open Source Suite
CVE-2025-64482
What is CVE-2025-64482?
Tuleap, an open-source suite for software development management and collaboration, is susceptible to cross-site request forgery in its file release system. The vulnerability is present in Tuleap Community Edition and Tuleap Enterprise Edition versions prior to the fixed releases listed under Affected Version(s). An attacker may exploit this flaw to manipulate commit rules or immutable tags of SVN repositories, posing a significant risk to the integrity of software projects managed within Tuleap. Users are advised to update their installations to the latest versions to mitigate potential exploitation.
Affected Version(s)
Tuleap Community Edition: < 16.13.99.1762267347
Tuleap Enterprise Edition: < 17.0-1
Tuleap Enterprise Edition: < 16.13-6
