CVE-2025-53652

8.2

High

Published:9 Jul 2025

Last updated:17 Jun 2026

Source:jenkinsci-cert@googlegroups.com

Modified

Weakness (CWE)

CWE-20Improper Input Validation

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: None

View on MITRE Find PoC on GitHub

Description

Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.

References

jenkinsci-cert@googlegroups.com

https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3419

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/07/09/4