XSS in Enalean Tuleap
CVE-2025-53541
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1751892857 and Tuleap Enterprise Edition prior to 16.8-5 and 16.9-3, malicious…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (38.6th percentile)
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L.
Affected products
- Enalean Tuleap, versions: Tuleap Community Edition < 16.9.99.1751892857; Tuleap Enterprise Edition >= 16.9, < 16.9-3; Tuleap Enterprise Edition < 16.8-5
Weakness classification (CWE)
Public proof-of-concept exploits
References
- https://github.com/Enalean/tuleap/security/advisories/GHSA-6r66-j76j-rwhw (x_refsource_CONFIRM)
- https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=c1aec8247697d63dc4af791ecd6bd70d105ded08 (x_refsource_MISC)
- https://tuleap.net/plugins/tracker/?aid=43693 (x_refsource_MISC)
- http://github.com/Enalean/tuleap/commit/c1aec8247697d63dc4af791ecd6bd70d105ded08 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-53541?
- CVE-2025-53541 is a medium-severity vulnerability in Enalean Tuleap, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2025-07-29.
- How severe is CVE-2025-53541?
- Medium severity. CVSS v3 base score is 5.4 out of 10.
- Is CVE-2025-53541 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.