{"id":"CVE-2025-64498","summary":"Tuleap has a Cross-Site Request Forgery (CSRF) vulnerability","details":"Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers to trick victims into changing tracker general settings. This issue is fixed in Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.","aliases":["GHSA-vxfh-h8p6-p5rg"],"modified":"2026-04-10T05:34:01.422381Z","published":"2025-12-08T22:36:26.283Z","database_specific":{"cwe_ids":["CWE-352"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64498.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64498.json"},{"type":"FIX","url":"https://github.com/Enalean/tuleap/commit/993316dd6a291bb3937cb7a4571eaab0e7d55370"},{"type":"ADVISORY","url":"https://github.com/Enalean/tuleap/security/advisories/GHSA-vxfh-h8p6-p5rg"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64498"},{"type":"WEB","url":"https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=993316dd6a291bb3937cb7a4571eaab0e7d55370"},{"type":"WEB","url":"https://tuleap.net/plugins/tracker/?aid=45593"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/enalean/tuleap","events":[{"introduced":"0"},{"fixed":"993316dd6a291bb3937cb7a4571eaab0e7d55370"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64498.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"16.12-10"}]},{"events":[{"introduced":"0"},{"fixed":"17.0.99.1762444754"}]},{"events":[{"introduced":"16.13"},{"fixed":"16.13-7"}]},{"events":[{"introduced":"17.0"},{"fixed":"17.0-2"}]}]}}],"schema_versio
n":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"}]}