Taiga Authenticated Remote Code Execution_CVE-2025-62368

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Description

Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0.

AI Analysis

Remote code execution vulnerability in Taiga API due to unsafe deserialization of untrusted data

Basic Information

ID CVE-2025-62368

Source GitHub_M

Published Oct 28, 2025 at 20:08

Affected Product

Vendor taigaio

Product taiga-back

Version < 6.9.0

Affected Versions taigaio taiga-back < 6.9.0

CWE Classification

CWE-502

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Taigaio

Product Taiga

Version 6.8.3 and earlier

References

github.com /taigaio/taiga-back/security/advisories/GHSA-cpcf-9276-fwc5

{
    "lastseen": "",
    "description": "Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0.",
    "published": "2025-10-28T20:08:29.569Z",
    "modified": "2025-10-28T20:08:29.569Z",
    "type": "cve",
    "title": "Taiga Authenticated Remote Code Execution",
    "source": "GitHub_M",
    "references": "https://github.com/taigaio/taiga-back/security/advisories/GHSA-cpcf-9276-fwc5",
    "id": "CVE-2025-62368",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "taigaio taiga-back < 6.9.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "taiga-back",
    "version": "< 6.9.0",
    "vendor": "taigaio",
    "ai_description": "Remote code execution vulnerability in Taiga API due to unsafe deserialization of untrusted data",
    "ai_severity": "Critical",
    "ai_vendor": "Taigaio",
    "ai_product": "Taiga",
    "ai_version": "6.8.3 and earlier",
    "ai_score": 9.1
}