CSRF Vulnerability in Tuleap Software Management Suite by Enalean
CVE-2025-64760

4.6 MEDIUM

Key Information:

Vendor: Enalean

Status
Vendor
CVE Published: 8 December 2025

What is CVE-2025-64760?

Tuleap, a free and open-source suite for software development and collaboration managed by Enalean, contains a Cross-Site Request Forgery (CSRF) flaw. It affects Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8. The flaw enables attackers to create or remove tracker triggers without proper authorization, which can lead to unauthorized changes in software development workflows. The issue is fixed in the versions listed above, which implement CSRF protections.

Affected Version(s)

tuleap: Tuleap Community Edition < 17.0.99.1763126988

tuleap: Tuleap Enterprise Edition < 17.0-3

tuleap: Tuleap Enterprise Edition < 16.13-8

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
