Denial of Service Vulnerability in Jenkins by Cloudbees
CVE-2025-67635

7.5HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins
Vendor: CVE Published:; 10 December 2025

What is CVE-2025-67635?

Jenkins versions 2.540 and earlier, as well as LTS 2.528.2 and earlier, exhibit a vulnerability that arises from inadequate closure of HTTP-based CLI connections when a connection stream is compromised. This flaw could be exploited by unauthenticated attackers, leading to disruptions in service availability and denial of service for legitimate users.

Affected Version(s)

Jenkins 2.541

Jenkins 2.528.3 < 2.528.*

References

https://www.jenkins.io/security/advisory/2025-12-10/#SECU...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2025
Vulnerability Reserved
Dec 9, 2025

JSON