CVE-2025-64498
published 2025-12-08

Priority: P422
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.12% (2.3th percentile)

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers to trick victims into changing tracker general settings. This issue is fixed in Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.

Affected

8 ranges
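
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enalean | tuleap | < 16.12-10 | 16.12-10 |
| enalean | tuleap | < 17.0.99.1762444754 | 17.0.99.1762444754 |
| enalean | tuleap | | |
| enalean | tuleap | | |
| enalean | tuleap | | |
| enalean | tuleap | | |
| enalean | tuleap | >= 16.13 < 16.13-7 | 16.13-7 |
| enalean | tuleap | >= 17.0 < 17.0-2 | 17.0-2 |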