Unrated severityNVD Advisory· Published Jul 29, 2025· Updated Jul 29, 2025
Tuleap vulnerable to user enumeration via the lost password form
CVE-2025-52899
Description
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed in Tuleap Community Edition version 16.9.99.1750843170 and Tuleap Enterprise Edition 16.8-4 and 16.9-2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/Enalean/tuleap/commit/5c72d6d253016d38ed472eb7918f772d074ddb07mitrex_refsource_MISC
- github.com/Enalean/tuleap/security/advisories/GHSA-xqf3-xxxf-x3c2mitrex_refsource_CONFIRM
- tuleap.net/plugins/git/tuleap/tuleap/stablemitrex_refsource_MISC
- tuleap.net/plugins/tracker/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.