CVE-2025-27156

Source
https://cve.org/CVERecord?id=CVE-2025-27156
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27156.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27156
Aliases
  • GHSA-x2v2-xr59-c9cf
Published
2025-03-04T16:53:49.741Z
Modified
2026-04-10T05:24:12.138039Z
Severity
  • 4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N CVSS Calculator
Summary
Tuleap allows content injection via emails sent by the mass emailing features
Details

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail clients. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740567344 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27156.json"
}
References

Affected packages

Git / github.com/enalean/tuleap

Affected ranges

Type
GIT
Repo
https://github.com/enalean/tuleap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27156.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "16.3-11"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "16.4.99.1740567344"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "16.4"
            },
            {
                "fixed": "16.4-6"
            }
        ]
    }
]