CVE-2025-67635

Summary

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins2.541 < *unaffected
Jenkins ProjectJenkins2.528.3 < 2.528.*unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References