CVE-2025-27156 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2025-27156

CVE-2025-27156

March 04, 2025

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail clients. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740567344 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

Related Resources (3)

https://github.com/Enalean/tuleap/commit/a0bc657297b405debce1f5bcbbb30c733f3f09bd

https://tuleap.net/plugins/tracker/?aid=42177

https://github.com/Enalean/tuleap/security/advisories/GHSA-x2v2-xr59-c9cf

Do you need more information?

CVSS v4

Base Score:

5.1

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

PASSIVE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

LOW

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

EPSS

Base Score:

0.23

Products

Solutions

Resources

Company

Compare

Developer Tools