Vulnerability Description
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious users with some control over certain artifacts could insert malicious code when displaying the children of a parent artifact to force victims to execute the uncontrolled code. This is fixed in version Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | < 16.8-5 |
Related Weaknesses (CWE)
References
- http://github.com/Enalean/tuleap/commit/c1aec8247697d63dc4af791ecd6bd70d105ded08Patch
- https://github.com/Enalean/tuleap/security/advisories/GHSA-6r66-j76j-rwhwVendor Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=c1aec8247697d63dcPermissions Required
- https://tuleap.net/plugins/tracker/?aid=43693Vendor Advisory
- https://tuleap.net/plugins/tracker/?aid=43693Vendor Advisory
FAQ
What is CVE-2025-53541?
CVE-2025-53541 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition...
How severe is CVE-2025-53541?
CVE-2025-53541 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-53541?
Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.