CVE-2025-52899

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed in Tuleap Community Edition version 16.9.99.1750843170 and Tuleap Enterprise Edition 16.8-4 and 16.9-2.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/Enalean/tuleap/commit/5c72d6d253016d38ed472eb7918f772d074ddb07
https://github.com/Enalean/tuleap/security/advisories/GHSA-xqf3-xxxf-x3c2
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5c72d6d253016d38ed472eb7918f772d074ddb07
https://tuleap.net/plugins/tracker/?aid=43674

Configurations

No configuration.

History

31 Jul 2025, 18:42

Type	Values Removed	Values Added
Summary		(es) Tuleap es una suite de código abierto creada para facilitar la gestión del desarrollo de software y la colaboración. En Tuleap Community Edition anterior a la versión 16.9.99.1750843170 y en Tuleap Enterprise Edition anterior a la 16.8-4 y 16.9-2, el formulario de contraseña olvidada permite la enumeración de usuarios. Esto se ha corregido en Tuleap Community Edition versión 16.9.99.1750843170 y en Tuleap Enterprise Edition 16.8-4 y 16.9-2.

29 Jul 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-29 20:15

Updated : 2025-07-31 18:42

NVD link : CVE-2025-52899

Mitre link : CVE-2025-52899

CVE.ORG link : CVE-2025-52899

JSON object : View

Products Affected

No product.

CWE

CWE-204

Observable Response Discrepancy

{"id": "CVE-2025-52899", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-07-29T20:15:28.147", "references": [{"url": "https://github.com/Enalean/tuleap/commit/5c72d6d253016d38ed472eb7918f772d074ddb07", "source": "security-advisories@github.com"}, {"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-xqf3-xxxf-x3c2", "source": "security-advisories@github.com"}, {"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=5c72d6d253016d38ed472eb7918f772d074ddb07", "source": "security-advisories@github.com"}, {"url": "https://tuleap.net/plugins/tracker/?aid=43674", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-204"}]}], "descriptions": [{"lang": "en", "value": "Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed in Tuleap Community Edition version 16.9.99.1750843170 and Tuleap Enterprise Edition 16.8-4 and 16.9-2."}, {"lang": "es", "value": "Tuleap es una suite de c\u00f3digo abierto creada para facilitar la gesti\u00f3n del desarrollo de software y la colaboraci\u00f3n. En Tuleap Community Edition anterior a la versi\u00f3n 16.9.99.1750843170 y en Tuleap Enterprise Edition anterior a la 16.8-4 y 16.9-2, el formulario de contrase\u00f1a olvidada permite la enumeraci\u00f3n de usuarios. Esto se ha corregido en Tuleap Community Edition versi\u00f3n 16.9.99.1750843170 y en Tuleap Enterprise Edition 16.8-4 y 16.9-2."}], "lastModified": "2025-07-31T18:42:56.503", "sourceIdentifier": "security-advisories@github.com"}