Authorization Flaw in BlazeMeter Jenkins Plugin by Perforce
CVE-2025-13472

5.3MEDIUM

Key Information:

Vendor: Perforce
Status: Blazemeter
Vendor: CVE Published:; 3 December 2025

What is CVE-2025-13472?

A vulnerability exists in the BlazeMeter Jenkins Plugin affecting versions prior to 4.27, where insufficient access controls allowed unauthorized users to view sensitive information such as credential IDs, workspace listings, and project IDs in the Jenkins UI. This flaw could lead to unauthorized disclosure of critical data. The recent update addresses these permission issues, enhancing the security of user access to sensitive resources.

Affected Version(s)

BlazeMeter Jenkins Plugin 0 < 4.27

References

https://portal.perforce.com/s/cve/a91Qi000002bFgTIAU/miss...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2025
Vulnerability Reserved
Nov 20, 2025

JSON