CVE-2025-22129
Last modified
CVE-2025-22129 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. EPSS estimates a 0.31% chance of exploitation in the next 30 days.
Description
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | < 16.2-5 |
| Enalean | Tuleap | < 16.3.99.1736242932 |
| Enalean | Tuleap | >= 16.3, < 16.3-2 |
References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-f34g-wc2m-mf76Patch, Third Party Advisory
- https://tuleap.net/plugins/tracker/?aid=41434Exploit, Issue Tracking, Patch, Vendor Advisory
- https://tuleap.net/plugins/tracker/?aid=41434Exploit, Issue Tracking, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-22129?
How severe is CVE-2025-22129?
How do I fix CVE-2025-22129?
Are you affected by CVE-2025-22129?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST