Home > Vulnerability Database > CVE-2025-30155

Mend.io Vulnerability Database

CVE-2025-30155

Good to know:

Date: March 31, 2025

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap does not enforce read permissions on parent trackers in the REST API. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742392651 and Tuleap Enterprise Edition 16.5-5 and 16.4-8.

Severity Score

4.3

Related Resources (6)

Url: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0921df3a1c1aa20fc359b373f001a77c43b1b726

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-30155

Url: https://github.com/Enalean/tuleap/security/advisories/GHSA-6hr4-h6px-7ppg

Url: https://github.com/Enalean/tuleap/commit/0921df3a1c1aa20fc359b373f001a77c43b1b726

Url: https://tuleap.net/plugins/tracker/?aid=42237

Url: https://www.mend.io/vulnerability-database/CVE-2025-30155

Severity Score

4.3

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version https://github.com/Enalean/tuleap.git - 16.6

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-30155

Good to know:

Date: March 31, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?