How severe is CVE-2025-27401?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2025-27401?

This is classified as CWE-440, which is a common weakness in software security.

CVE-2025-27401 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

Tuleap is an Open Source Suite to improve management of software developments and collaboration. In a standard usages of Tuleap, the issue has a limited impact, it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the filters of all reports of the instance and delete them. The malicious user only needs to have access to one tracker. This would result in the loss of all criteria filters forcing users and tracker admins to re-create them. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740498975 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

Related Vulnerabilities

CVE-2025-40555

MEDIUM

CVSS:4.7(Medium)

A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet creat...

CWE-4402025

CVE-2024-8690

MEDIUM

CVSS:4.4(Medium)

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leverage...

CWE-4402024

CVE-2024-56202

MEDIUM

CVSS:4.3(Medium)

Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to ...

CWE-4402024

CVE-2024-38806

LOW

CVSS:3.9(Low)

Failure to properly synchronize user's permissions in UAA in Cloud Foundry Foundation v40.17.0 https://github.com/cloudfoundry/cf-deployment/releases/tag/v40.17.0 , potentially resulting in users reta...

CWE-4402024

CVE-2023-32732

MEDIUM

CVSS:5.3(Medium)

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disco...

CWE-4402023

CVE-2025-32728

LOW

CVSS:3.8(Low)

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

CWE-4402025