CVE-2025-31722

HIGH

Jenkins Templating Engine Plugin <= 2.5.3 - RCE

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-31722. PoCs published by h3raklez, Nick6371.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2025-31722, a sandbox bypass in the Jenkins Templating Engine plugin. The exploit uses a folder-level Governance Tier configuration to load a library from an attacker-controlled Git repository; because folder-level libraries are not sandboxed, the library's code runs in the Jenkins controller JVM, giving remote code execution (RCE) on the Jenkins server.

Description

In Jenkins Templating Engine Plugin 2.5.3 and earlier (fixed in 2.5.4), libraries defined in folders are not subject to Groovy sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.
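The first thing a defender wants from this description is a reliable answer to "is my controller running an affected build?". The script below is an added example written for this page; it is not code from the Jenkins project, the Templating Engine plugin, or either PoC author. It parses the plugin inventory Jenkins serves at GET <jenkins-url>/pluginManager/api/json?depth=1 (the fields plugins[].shortName, plugins[].version and plugins[].enabled are what that endpoint returns) and flags Templating Engine versions of 2.5.3 or earlier, i.e. anything below the first fixed release 2.5.4. The sample JSON embedded at the bottom is constructed for the example, not captured from a real controller.

```python
"""Check a Jenkins controller's plugin inventory for CVE-2025-31722.

Added example for this page; not code from Jenkins, the Templating Engine
plugin, or the PoC repositories. Input is the JSON document from
GET <jenkins-url>/pluginManager/api/json?depth=1.
"""
import json
import re

PLUGIN_SHORT_NAME = "templating-engine"   # Maven artifact org.jenkins-ci.plugins:templating-engine
FIXED_VERSION = "2.5.4"                    # affected: 2.5.3 and earlier (per the advisory text above)

_LEADING_NUMERIC = re.compile(r"^(\d+(?:\.\d+)*)")


def parse_version(version: str) -> tuple:
    """Convert a plugin version string to a tuple of ints for comparison.

    Only the leading dotted-numeric part is compared ("2.5.10" > "2.5.3",
    "2.5" < "2.5.4"). A qualifier such as "-rc1" or "-SNAPSHOT" is dropped,
    so a hypothetical "2.5.4-rc1" pre-release would be treated as fixed;
    tighten this if your deployment runs pre-release plugin builds.
    """
    match = _LEADING_NUMERIC.match(version.strip())
    if not match:
        raise ValueError(f"unparseable plugin version: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version: str) -> bool:
    """True when the installed Templating Engine version is 2.5.3 or earlier."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def check_plugin_manager(api_json) -> dict:
    """Classify a /pluginManager/api/json?depth=1 document.

    Returns {"status": ..., "version": ...} where status is one of
    "not installed", "patched", "vulnerable" or "vulnerable (disabled)".
    A disabled plugin is not loaded, so it is not exploitable as-is, but it
    is reported separately rather than ignored: re-enabling it without
    upgrading reopens the issue.
    """
    data = json.loads(api_json) if isinstance(api_json, str) else api_json
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") != PLUGIN_SHORT_NAME:
            continue
        version = plugin.get("version", "")
        if not is_vulnerable(version):
            return {"status": "patched", "version": version}
        status = "vulnerable" if plugin.get("enabled", True) else "vulnerable (disabled)"
        return {"status": status, "version": version}
    return {"status": "not installed", "version": None}


# Constructed sample of the plugin-manager document (two plugins, trimmed to
# the fields used above); not captured from a real controller.
SAMPLE_PLUGIN_MANAGER_JSON = json.dumps({
    "plugins": [
        {"shortName": "git", "version": "5.2.1", "enabled": True},
        {"shortName": "templating-engine", "version": "2.5.3", "enabled": True},
    ]
})


if __name__ == "__main__":
    # Against a live controller, fetch the document first, for example:
    #   curl -s -u USER:API_TOKEN "$JENKINS_URL/pluginManager/api/json?depth=1" > plugins.json
    result = check_plugin_manager(SAMPLE_PLUGIN_MANAGER_JSON)
    print(f"{PLUGIN_SHORT_NAME}: {result['status']} (version {result['version']})")
```

Version comparison is done on integer tuples rather than strings so that 2.5.10 is correctly ranked above 2.5.3; a naive string compare would call 2.5.10 vulnerable. Upgrading to 2.5.4 or later is the fix; until then, treat every user holding Item/Configure on a folder as able to run code on the controller.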

Exploits (2)

nomisec: WORKING POC
by h3raklez · PoC
https://github.com/h3raklez/CVE-2025-31722

Classification: Working PoC (95% confidence)
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Jenkins Templating Engine Plugin <= 2.5.3
Authentication: required
Prerequisites (as exercised by this PoC; the vulnerability itself needs only Item/Configure, per the description): Jenkins with Templating Engine plugin <= 2.5.3 · User with Item/Read, Item/Create, Item/Configure and Item/Build permissions · CSRF protection disabled · Outbound network connectivity from the Jenkins controller to the attacker's machine on TCP port 9418 (the git:// protocol port)
Analyzed by devstral-2 on Mar 14, 2026.

References (1)

Scores

CVSS v3.1 base score: 8.8 (High)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: Network
EPSS: 0.0091 (0.91% estimated probability of exploitation in the next 30 days)
EPSS percentile: 76.3%

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: no
Technical impact: total

Details

CWE: CWE-94 (Improper Control of Generation of Code, 'Code Injection')
Status: published
Products (2):
jenkins/templating_engine < 2.5.4
org.jenkins-ci.plugins/templating-engine >= 0, < 2.5.4 (Maven)
Published: Apr 02, 2025
Tracked since: Feb 18, 2026