Denial of Service Vulnerability in Jenkins by Cloudbees
CVE-2025-67635
7.5HIGH
What is CVE-2025-67635?
Jenkins versions 2.540 and earlier, as well as LTS 2.528.2 and earlier, exhibit a vulnerability that arises from inadequate closure of HTTP-based CLI connections when a connection stream is compromised. This flaw could be exploited by unauthenticated attackers, leading to disruptions in service availability and denial of service for legitimate users.
Affected Version(s)
Jenkins 2.541
Jenkins 2.541
Jenkins 2.528.3 < 2.528.*
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved