CVE-2025-52899

Tuleap vulnerable to user enumeration via the lost password form

CVSS 5.3 MEDIUMEPSS 0.3%CWE-204

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

29 jul 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed in Tuleap Community Edition version 16.9.99.1750843170 and Tuleap Enterprise Edition 16.8-4 and 16.9-2.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Productos afectados

Enalean · tuleap

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/Enalean/tuleap/commit/5c72d6d253016d38ed472eb7918f772d074ddb07 https://github.com/Enalean/tuleap/security/advisories/GHSA-xqf3-xxxf-x3c2 https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5c72d6d253016d38ed472eb7918f772d074ddb07 https://tuleap.net/plugins/tracker/?aid=43674