CVE-2025-62368

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-62368
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62368.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-62368
Aliases
  • GHSA-cpcf-9276-fwc5
Published
2025-10-28T20:08:29.569Z
Modified
2025-12-05T10:21:11.525439Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
Taiga Authenticated Remote Code Execution
Details

Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0.

Database specific
{
    "cwe_ids": [
        "CWE-502"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62368.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/taigaio/taiga-back

Affected ranges

Type
GIT
Repo
https://github.com/taigaio/taiga-back
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.9.0"
        }
    ]
}

Affected versions

1.*

1.0.0
1.0b1
1.1.0
1.1.1
1.10.0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.8.0
1.9.0
1.9.1

2.*

2.0.0
2.1.0

3.*

3.0.0
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.2.2
3.2.3
3.3.0
3.3.1
3.3.10
3.3.11
3.3.12
3.3.13
3.3.14
3.3.15
3.3.16
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
3.3.9
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.1.0
4.1.1
4.2.0
4.2.1
4.2.10
4.2.11
4.2.12
4.2.14
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7

5.*

5.0.0
5.0.1
5.0.10
5.0.11
5.0.12
5.0.13
5.0.14
5.0.15
5.0.2
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.5.0
5.5.1
5.5.2
5.5.3
5.5.4
5.5.5
5.5.7
5.5.9

6.*

6.0.0
6.0.0-rc.1
6.0.0-rc.2
6.0.0-rc.3
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.1.0
6.1.1
6.2.0
6.2.1
6.2.2
6.3.0
6.4.0
6.4.1
6.4.2
6.4.3
6.5.0
6.5.1
6.5.2
6.6.0
6.6.1
6.6.2
6.7.0
6.7.1
6.7.2
6.7.3
6.8.0
6.8.1
6.8.2
6.8.3

Other

django17-deploy-step1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62368.json"