Cross-Site Request Forgery Vulnerability in Jenkins by CloudBees
CVE-2025-67639
What is CVE-2025-67639?
A cross-site request forgery (CSRF) vulnerability has been identified in Jenkins, specifically impacting versions up to 2.540 and LTS 2.528.2. The issue allows malicious actors to potentially manipulate user sessions and compel users into executing unintended actions within their accounts. Such vulnerabilities pose significant risks, especially in environments with extensive automation, so users should apply the necessary patches and take preventive measures to mitigate potential attacks.

Affected Version(s)
Jenkins 2.541
Jenkins 2.528.3 < 2.528.*