CVE-2025-52899

Name: CVE-2025-52899
Creator: NVD / NIST
Published: 2025-07-29T20:15:28.147+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 0.28%

Last modified Jun 17, 2026

CVE-2025-52899 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. EPSS estimates a 0.28% chance of exploitation in the next 30 days.

Description

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed in Tuleap Community Edition version 16.9.99.1750843170 and Tuleap Enterprise Edition 16.8-4 and 16.9-2.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

0.28%

19.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-204

Affected Software

Vendor	Product	Versions
Enalean	Tuleap	< 16.8-4
Enalean	Tuleap	< 16.9.99.1750843170
Enalean	Tuleap	>= 16.9, < 16.9-2

References

https://github.com/Enalean/tuleap/commit/5c72d6d253016d38ed472eb7918f772d074ddb07Patch
https://github.com/Enalean/tuleap/security/advisories/GHSA-xqf3-xxxf-x3c2Third Party Advisory
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5c72d6d253016d38ed472eb7918f772d074ddb07Permissions Required
https://tuleap.net/plugins/tracker/?aid=43674Issue Tracking, Vendor Advisory

Timeline

Published: Jul 29, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-52899?

How severe is CVE-2025-52899?

CVE-2025-52899 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.28% probability of exploitation in the next 30 days.

How do I fix CVE-2025-52899?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-52899?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST