Vulnerability Description
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed in Tuleap Community Edition version 16.9.99.1750843170 and Tuleap Enterprise Edition 16.8-4 and 16.9-2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | < 16.8-4 |
Related Weaknesses (CWE)
References
- https://github.com/Enalean/tuleap/commit/5c72d6d253016d38ed472eb7918f772d074ddb0Patch
- https://github.com/Enalean/tuleap/security/advisories/GHSA-xqf3-xxxf-x3c2Third Party Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5c72d6d253016d38ePermissions Required
- https://tuleap.net/plugins/tracker/?aid=43674Issue TrackingVendor Advisory
FAQ
What is CVE-2025-52899?
CVE-2025-52899 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition...
How severe is CVE-2025-52899?
CVE-2025-52899 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-52899?
Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.