Key Information Summary

Vulnerability Description

Vulnerability Name: File Release System project administrator can access releases in all projects
CVE ID: CVE-2025-64497
CVSS v3 Score: 6.5/10
CVSS v3 Base Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Required Privileges: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None

Affected Versions

Tuleap Community Edition: < 17.0.99.1762431347
Tuleap Enterprise Edition:
- < 17.0-2
- < 16.13-7
- < 16.12-10

Fixed Versions

Tuleap Community Edition: 17.0.99.1762431347
Tuleap Enterprise Edition:
- 17.0-2
- 16.13-7
- 16.12-10

Impact

Attackers can exploit this vulnerability to access File Release System information in projects they are not authorized to access.

Remediation

Tuleap Community Edition: 17.0.99.1762431347
Tuleap Enterprise Edition:
- 17.0-2
- 16.13-7
- 16.12-10

Additional Information

For any questions or feedback regarding this advisory, please contact us using the contact information provided on the Tuleap.org security page.

Vulnerability Type

CWE-639

The advisory describes a vulnerability in Tuleap in which a project administrator can access File Release System information across all projects, a permission management flaw (CWE-639). The key is to identify affected versions and promptly upgrade to the patched versions to mitigate potential security risks.
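
To help identify affected versions across an inventory, here is an added example (not part of the advisory and not Tuleap's own tooling) that checks version strings against the fixed versions listed above. Assumptions: Enterprise versions are read as `<branch>-<patch>` and compared against the fix for their own branch, unlisted branches older than 17.0 are treated as affected, and the host names in the sample inventory are constructed.

```python
import re

# Fixed versions copied from the advisory above.
CE_FIXED = (17, 0, 99, 1762431347)
# Enterprise: release branch (major, minor) -> first fixed patch level.
EE_FIXED = {(17, 0): 2, (16, 13): 7, (16, 12): 10}


def is_affected(edition: str, version: str) -> bool:
    """Return True if this Tuleap version predates the fix for CVE-2025-64497."""
    version = version.strip()
    if edition == "community":
        if not re.fullmatch(r"\d+(\.\d+)*", version):
            raise ValueError(f"unrecognised Community version: {version!r}")
        # Dotted numeric comparison; a shorter prefix sorts as older.
        return tuple(int(p) for p in version.split(".")) < CE_FIXED
    if edition == "enterprise":
        m = re.fullmatch(r"(\d+)\.(\d+)-(\d+)", version)
        if not m:
            raise ValueError(f"unrecognised Enterprise version: {version!r}")
        major, minor, patch = (int(g) for g in m.groups())
        branch = (major, minor)
        if branch in EE_FIXED:
            return patch < EE_FIXED[branch]
        # Assumption: a branch with no listed fix is affected if it is older
        # than the newest patched branch, and carries the fix if it is newer.
        return branch < max(EE_FIXED)
    raise ValueError(f"unknown edition: {edition!r}")


def triage(inventory):
    """Return the names of hosts that still need the upgrade."""
    return [name for name, edition, version in inventory
            if is_affected(edition, version)]


# Constructed sample inventory: (host, edition, installed version).
SAMPLE_INVENTORY = [
    ("tuleap-dev.example.internal", "community", "17.0.99.1762431346"),
    ("tuleap-ce.example.internal", "community", "17.0.99.1762431347"),
    ("tuleap-prod.example.internal", "enterprise", "16.13-6"),
    ("tuleap-lts.example.internal", "enterprise", "16.12-10"),
    ("tuleap-old.example.internal", "enterprise", "16.11-9"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: upgrade required (CVE-2025-64497)")
```
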