Home > Vulnerability Database > CVE-2025-30209

Mend.io Vulnerability Database

CVE-2025-30209

Good to know:

Date: March 31, 2025

Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker can access release notes content or information via the FRS REST endpoints it should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742812323 and Tuleap Enterprise Edition 16.5-6 and 16.4-10.

Severity Score

5.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-30209

Url: https://github.com/Enalean/tuleap/commit/34af2d5d10b0349967129f53427f495815e5bbcc

Url: https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=34af2d5d10b0349967129f53427f495815e5bbcc

Url: https://github.com/Enalean/tuleap/security/advisories/GHSA-hcp5-pmpm-mgwh

Url: https://tuleap.net/plugins/tracker/?aid=42251

Url: https://www.mend.io/vulnerability-database/CVE-2025-30209

Severity Score

5.3

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version https://github.com/Enalean/tuleap.git - 16.6

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-30209

Good to know:

Date: March 31, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?