How severe is CVE-2025-27094?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2025-27094?

This is classified as CWE-440, which is a common weakness in software security.

CVE-2025-27094

MEDIUM Year: 2025

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-440

View all →

Vulnerability Description

Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute for the multiselectbox field, the default value, number of rows, and columns attributes for the text field, and the default value, size, and max characters attributes for the string field configurations are lost when added as criteria in a saved report. Additionally, in Tuleap Community Edition versions 16.4.99.1739806825 to 16.4.99.1739877910, this issue could be exploited to prevent access to tracker data by triggering a crash. This vulnerability has been fixed in Tuleap Community Edition 16.4.99.1739877910 and Tuleap Enterprise Edition 16.3-9 and 16.4-4.

CVE-2020-10766

MEDIUM

CVSS:5.5(Medium)

A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context...

CWE-4402020

CVE-2020-10767

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or...

CWE-4402020

CVE-2020-10768

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as ...

CWE-4402020

CVE-2022-3344

MEDIUM

CVSS:5.5(Medium)

A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault ...

CWE-4402022

CVE-2023-32732

MEDIUM

CVSS:5.3(Medium)

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disco...

CWE-4402023

CVE-2024-47762

MEDIUM

CVSS:5.8(Medium)

Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly ig...

CWE-4402024

CVE-2025-27094

Vulnerability Description

Related Vulnerabilities

CVE-2020-10766

CVE-2020-10767

CVE-2020-10768

CVE-2022-3344

CVE-2023-32732

CVE-2024-47762