CSRF Vulnerability in Jenkins Cadence vManager Plugin
CVE-2025-47886

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Cadence Vmanager Plugin
Vendor: CVE Published:; 14 May 2025

What is CVE-2025-47886?

A cross-site request forgery (CSRF) vulnerability exists in versions 4.0.1-286.v9e25a_740b_a_48 and earlier of the Jenkins Cadence vManager Plugin. This flaw allows attackers to trick users into performing unintended actions, enabling unauthorized access by connecting to an arbitrary URL with an attacker-defined username and password, potentially compromising user accounts and sensitive information.

Affected Version(s)

Jenkins Cadence vManager Plugin 0 <= 4.0.1-286.v9e25a_740b_a_48

References

https://www.jenkins.io/security/advisory/2025-05-14/#SECU...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2025
Vulnerability Reserved
May 13, 2025