Cross-Site Request Forgery Vulnerability in Tuleap Software Management Suite
CVE-2025-65962

4.6 MEDIUM

Key Information:

Vendor

Enalean

Status
Vendor
CVE Published: 8 December 2025

What is CVE-2025-65962?

Tuleap, an open-source suite for software development and collaboration, is susceptible to a cross-site request forgery (CSRF) vulnerability in its tracker field dependencies. This weakness allows attackers to perform unauthorized changes to tracker fields, thereby compromising the integrity of the application. The vulnerability has been addressed in Tuleap Community Edition version 17.0.99.1763803709 and Tuleap Enterprise Edition versions 17.0-4 and 16.13-9.

Affected Version(s)

Tuleap Community Edition < 17.0.99.1763803709

Tuleap Enterprise Edition < 17.0-4

Tuleap Enterprise Edition < 16.13-9

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
