Critical Vulnerability Information Vulnerability Title: Missing CSRF protections in tracker field dependencies Vulnerability Level: Moderate CVE ID: CVE-2025-65962 CVSS v3 Base Score: 4.6 / 10 CVSS v3 Base Metrics: Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality Impact: None Integrity Impact: Low Availability Impact: Low Affected Versions: Tuleap Community Edition (< 17.0.99.1763803709) Tuleap Enterprise Edition (< 17.0-4, < 16.13-9) Fixed Versions: Tuleap Community Edition 17.0.99.1763803709 Tuleap Enterprise Edition 17.0-4, 16.13-9 Impact: An attacker can exploit this vulnerability to trick victims into modifying tracker field dependencies. Patched Versions: Tuleap Community Edition 17.0.99.1763803709 Tuleap Enterprise Edition 17.0-4, 16.13-9 More Details: For any questions or feedback regarding this advisory, please contact us using the contact information provided on the Tuleap.org security page. Reference Links: Issue #45632: Missing CSRF protections in tracker field dependencies 26678c5 Tuleap stable commit