Home > Vulnerability Database > CVE-2025-59040

Mend.io Vulnerability Database

CVE-2025-59040

Good to know:

Date: September 18, 2025

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.11.99.1757427600 and Tuleap Enterprise Edition 16.11-6 and 16.10-8.

Severity Score

4.3

Related Resources (6)

Url: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=92e4aa2d830a624a9183206c1c3558b90b8a5525

Url: https://github.com/Enalean/tuleap/commit/92e4aa2d830a624a9183206c1c3558b90b8a5525

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59040

Url: https://github.com/Enalean/tuleap/security/advisories/GHSA-67xc-39v9-pffg

Url: https://tuleap.net/plugins/tracker/?aid=44489

Url: https://www.mend.io/vulnerability-database/CVE-2025-59040

Severity Score

4.3

Weakness Type (CWE)

Improper Handling of Insufficient Permissions or Privileges

CWE-280

Top Fix

Upgrade Version

Upgrade to version https://github.com/Enalean/tuleap.git - 16.12

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59040

Good to know:

Date: September 18, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?