CVE-2025-64133

MEDIUM

Jenkins Extensible Choice Parameter < 239.v5f5c278708cf - CSRF

Title source: rule

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code.

References (2)

Scores

CVSS v3 5.4
EPSS 0.0003
EPSS Percentile 6.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Classification

CWE
CWE-352
Status published

Affected Products (2)

jenkins/extensible_choice_parameter < 239.v5f5c278708cf
jp.ikedam.jenkins.plugins/extensible-choice-parameter Maven

Timeline

Published Oct 29, 2025
Tracked Since Feb 18, 2026