SSH Key Management Vulnerability in Jenkins Docker Images by CloudBees
CVE-2025-32754

9.1 CRITICAL

Key Information:

Vendor: Jenkins
CVE Published: 10 April 2025

What is CVE-2025-32754?

CVE-2025-32754 is a security vulnerability in Jenkins Docker images provided by CloudBees, affecting versions 6.11.1 and earlier of the jenkins/ssh-agent images. Jenkins is a widely used automation server for continuous integration and continuous delivery (CI/CD), allowing developers to automate building, testing, and deploying software. The vulnerability stems from the way SSH host keys are generated during the creation of these Docker images: all containers derived from the same image share identical SSH host keys. An attacker positioned between the SSH client and the build agent can therefore impersonate the build agent, undermining the security of the communications.

Technical Details

The vulnerability arises because SSH host keys are generated when the Docker images are created, specifically for images based on Debian. As a result, all containers instantiated from the same version of these images use identical SSH host keys. If an attacker gains access to the network path between the Jenkins controller (the SSH client) and the SSH build agent, they can impersonate the build agent, leading to unauthorized access to sensitive resources and information.
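A defender's check for the shared-key condition described above, as an added example that is not part of the original advisory or of Jenkins code: it groups `ssh-keyscan`-format output by host key fingerprint and reports any key presented by more than one agent. The hostnames and key blobs are constructed samples, not real keys.

```python
import base64
import binascii
import hashlib
import struct
from collections import defaultdict


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_text: str) -> dict:
    """Map (key type, fingerprint) -> hosts, for keys seen on more than one host."""
    hosts_by_key = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank line, ssh-keyscan comment, or truncated entry
        host, key_type, blob = fields[:3]
        try:
            hosts_by_key[(key_type, fingerprint(blob))].add(host)
        except (binascii.Error, ValueError):
            continue  # not a valid base64 key blob
    return {k: sorted(v) for k, v in hosts_by_key.items() if len(v) > 1}


def _constructed_blob(seed: bytes) -> str:
    """Constructed ssh-ed25519 blob with made-up key bytes (not a real key)."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()


# Constructed sample: agent-a and agent-b come from the same image and so
# present the same baked-in host key; agent-c generated its own key.
IMAGE_KEY = _constructed_blob(b"key baked into image")
SAMPLE_SCAN = "\n".join([
    "# agent-a.example:22 SSH-2.0-OpenSSH",
    f"agent-a.example ssh-ed25519 {IMAGE_KEY}",
    f"agent-b.example ssh-ed25519 {IMAGE_KEY}",
    f"agent-c.example ssh-ed25519 {_constructed_blob(b'unique key')}",
    "agent-d.example ssh-ed25519 not*base64",
])

if __name__ == "__main__":
    for (key_type, fp), hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"shared {key_type} host key {fp}: {', '.join(hosts)}")
```

Any group it reports means those agents cannot be told apart by host key, so host key verification on the controller does not distinguish one agent from another.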

Potential Impact of CVE-2025-32754

  1. Unauthorized Access: Attackers can impersonate the SSH build agent, granting them unauthorized access to the resources managed by the Jenkins server, which may include sensitive build data and credentials.

  2. Impersonation Risks: This vulnerability allows attackers to insert themselves into communication channels, opening avenues for man-in-the-middle attacks, which can lead to the exfiltration of sensitive data and credentials.

  3. Security Posture Compromise: Due to the shared SSH host keys across multiple containers, organizations may face challenges in maintaining a secure and isolated environment, making it easier for attackers to explore further vulnerabilities or escalate privileges within the network.

Affected Version(s)

Jenkins jenkins/ssh-agent Docker images (Debian-based images): versions from 0 up to and including 6.11.1

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
