Unrated severityNVD Advisory· Published Aug 29, 2025· Updated Aug 29, 2025

Tuleap's special and always there fields permissions are not verified in cross-tracker search

CVE-2025-54877

Description

Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition versions before 16.9-8 and before 16.10-5, an attacker can access to the content of the special and always there fields of accessible artifacts even if the permissions associated with the underlying fields do not allow it. This issue has been fixed in Tuleap Community Edition version 16.10.99.1754050155 and Tuleap Enterprise Edition versions 16.9-8 and 16.10-5.

Affected products

Enalean/Tuleapv5
Range: Tuleap Community Edition < 16.10.99.1754050155

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Enalean/tuleap/commit/b0c1328f96135ee6a3f84d0847be5f843eafa590mitrex_refsource_MISC
github.com/Enalean/tuleap/security/advisories/GHSA-m5qc-c3q5-2p29mitrex_refsource_CONFIRM
tuleap.net/plugins/git/tuleap/tuleap/stablemitrex_refsource_MISC
tuleap.net/plugins/tracker/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000