CVE-2025-64482 Tuleap missing CSRF protections in the File Release System

🗓️ 12 Nov 2025 21:37:25Reported by GitHub_MType

CVE-2025-64482 Tuleap lacks CSRF protections in File Release, enabling changes to immutable tags.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-64482	13 Nov 202501:05	–	circl
CNNVD	Enalean Tuleap Community Edition和Enalean Tuleap Enterprise Edition 跨站请求伪造漏洞	12 Nov 202500:00	–	cnnvd
CVE	CVE-2025-64482	12 Nov 202521:37	–	cve
EUVD	EUVD-2025-150397	12 Nov 202521:37	–	euvd
NVD	CVE-2025-64482	12 Nov 202522:15	–	nvd
OSV	CVE-2025-64482 Tuleap missing CSRF protections in the File Release System	12 Nov 202521:37	–	osv
Positive Technologies	PT-2025-46724	12 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-64482	13 Nov 202521:51	–	redhatcve
Vulnrichment	CVE-2025-64482 Tuleap missing CSRF protections in the File Release System	12 Nov 202521:37	–	vulnrichment

[
  {
    "vendor": "Enalean",
    "product": "tuleap",
    "versions": [
      {
        "version": "Tuleap Community Edition < 16.13.99.1762267347",
        "status": "affected"
      },
      {
        "version": "Tuleap Enterprise Edition  < 17.0-1",
        "status": "affected"
      },
      {
        "version": "Tuleap Enterprise Edition  < 16.13-6",
        "status": "affected"
      },
      {
        "version": "Tuleap Enterprise Edition  < 16.12-9",
        "status": "affected"
      }
    ]
  }
]

Source	Link
tuleap	www.tuleap.net/plugins/git/tuleap/tuleap/stable
github	www.github.com/Enalean/tuleap/commit/899b5c1693324211947b72f2810ae8944e1bd0d5
tuleap	www.tuleap.net/plugins/tracker/
github	www.github.com/Enalean/tuleap/security/advisories/GHSA-w7h4-9vf6-q7rc

12 Nov 2025 21:37Current

CVSS 3.14.6

EPSS0.0002

CWE-352