Input Validation Flaw in Jenkins Git Parameter Plugin
CVE-2025-53652

8.2HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Git Parameter Plugin
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-53652?

The Jenkins Git Parameter Plugin has an input validation flaw that permits users with Item/Build permission to misuse Git parameters. When submitting a build, the plugin does not ensure that the Git parameter value provided matches one of the predefined options, enabling attackers to potentially inject arbitrary values. This could lead to unintended and unauthorized behavior in the build process, highlighting the need for stringent validation controls in plugin implementations.

Affected Version(s)

Jenkins Git Parameter Plugin 0 <= 439.vb_0e46ca_14534

References

https://www.jenkins.io/security/advisory/2025-07-09/#SECU...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Jul 8, 2025