Vulnerability Description
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition versions before 16.9-8 and before 16.10-5, an attacker can access to the content of the special and always there fields of accessible artifacts even if the permissions associated with the underlying fields do not allow it. This issue has been fixed in Tuleap Community Edition version 16.10.99.1754050155 and Tuleap Enterprise Edition versions 16.9-8 and 16.10-5.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enalean | Tuleap | < 16.9-8 |
Related Weaknesses (CWE)
References
- https://github.com/Enalean/tuleap/commit/b0c1328f96135ee6a3f84d0847be5f843eafa59Patch
- https://github.com/Enalean/tuleap/security/advisories/GHSA-m5qc-c3q5-2p29Third Party Advisory
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b0c1328f96135ee6aBroken Link
- https://tuleap.net/plugins/tracker/?aid=44068Vendor Advisory
FAQ
What is CVE-2025-54877?
CVE-2025-54877 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition...
How severe is CVE-2025-54877?
CVE-2025-54877 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-54877?
Check the references section above for vendor advisories and patch information. Affected products include: Enalean Tuleap.