Vulnerability Description
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5, users may potentially access confidential information from artifacts that they are not authorized to view. This is fixed in Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition prior to 16.8-6 and 16.9-5.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | < 16.8-6 |
Related Weaknesses (CWE)
References
- https://github.com/Enalean/tuleap/commit/ebe054df8a2672afee41af84e5ba14b57ef8b78Patch
- https://github.com/Enalean/tuleap/security/advisories/GHSA-6f24-5v47-rj6jThird Party Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=ebe054df8a2672afePermissions Required
- https://tuleap.net/plugins/tracker/?aid=43704ExploitVendor Advisory
FAQ
What is CVE-2025-53902?
CVE-2025-53902 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1752585665 and Tuleap Enterprise Edition...
How severe is CVE-2025-53902?
CVE-2025-53902 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-53902?
Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.