Cross-Site Request Forgery in Jenkins Extensible Choice Parameter Plugin
CVE-2025-64133
5.4MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 29 October 2025
What is CVE-2025-64133?
A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Extensible Choice Parameter Plugin that potentially enables attackers to execute unauthorized sandboxed Groovy code. This could lead to compromised system integrity and unauthorized access if exploited, emphasizing the need for users to apply necessary updates and security measures.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Jenkins Extensible Choice Parameter Plugin 0 <= 239.v5f5c278708cf
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved