Vulnerability Database

314,615

Total vulnerabilities in the database

CVE-2025-30209

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tuleap Enterprise Edition 16.5-6 and 16.4-10.

Published: Mar 31, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-30209
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
enalean / tuleap	-	16.4-10
enalean / tuleap	-	16.5.99.1742812323
enalean / tuleap	16.5	16.5-6

https://github.com/Enalean/tuleap/commit/34af2d5d10b0349967129f53427f495815e5bbcc
https://github.com/Enalean/tuleap/security/advisories/GHSA-hcp5-pmpm-mgwh
https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=34af2d5d10b0349967129f53427f495815e5bbcc
https://tuleap.net/plugins/tracker/?aid=42251

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo