cvedb.io
CVE-2025-27150
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2025-03-04T17:15:18.663 · Last modified 2026-06-17T09:03:06.347

Summary

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access to this password. The vulnerability is fixed in Tuleap Community Edition 16.4.99.1740492866 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

Affected products

enalean — tuleap

Does this affect you?

Add your gear to cvedb and we'll alert you only when enalean ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.