CVE-2025-67639

Summary

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins2.541 < *unaffected
Jenkins ProjectJenkins2.528.3 < 2.528.*unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References