CVE-2025-67639

LOW

Jenkins < 2.528.3 - CSRF

Title source: rule

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier and LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account (a login CSRF): a page under the attacker's control submits the Jenkins login form from the victim's browser with credentials the attacker chose, so the victim's browser ends up holding a session authenticated as the attacker. Anything the victim then enters into Jenkins while believing they are logged in as themselves is stored in, and readable from, the attacker's account, which is why the score carries a low confidentiality impact and requires user interaction. Fixed in Jenkins 2.541 and LTS 2.528.3.
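The mechanism described above, as an added example that is not Jenkins code and does not use Jenkins's real login endpoint: a miniature login handler that accepts any credential-bearing POST, beside a hardened one that requires a token issued to the pre-authentication session and rejects cross-origin requests. The origins, field names, user store and session layout are all constructed for the example.

```python
"""Login CSRF (CWE-352) in miniature: a vulnerable login handler beside a
hardened one. Added example, not Jenkins code; endpoint shape, field names,
origins and the user store are constructed."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

SITE_ORIGIN = "https://jenkins.example"        # assumed origin of the site
ATTACKER_ORIGIN = "https://attacker.example"   # assumed origin of the attacker page

# Constructed user store; 'mallory' is the account the attacker controls.
USERS = {"alice": "alice-pw", "mallory": "mallory-pw"}


@dataclass
class Session:
    user: Optional[str] = None
    # Token issued before login and embedded only in the site's own login form.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Request:
    form: Dict[str, str]
    headers: Dict[str, str] = field(default_factory=dict)
    cookies: Dict[str, str] = field(default_factory=dict)


class Server:
    def __init__(self) -> None:
        self.sessions: Dict[str, Session] = {}

    def session_for(self, req: Request) -> Tuple[str, Session]:
        """Return (sid, session), creating a pre-auth session if the browser has none."""
        sid = req.cookies.get("sid")
        if sid not in self.sessions:
            sid = secrets.token_hex(8)
            self.sessions[sid] = Session()
        return sid, self.sessions[sid]

    def _authenticate(self, sess: Session, form: Dict[str, str]) -> int:
        user, pw = form.get("username"), form.get("password")
        if user in USERS and hmac.compare_digest(USERS[user], pw or ""):
            sess.user = user        # the browser's session is now bound to this account
            return 302
        return 401

    def login_vulnerable(self, req: Request) -> Tuple[int, str]:
        """Vulnerable: nothing ties the POST to the site's own login form, so a
        cross-site form carrying the attacker's credentials is accepted."""
        sid, sess = self.session_for(req)
        return self._authenticate(sess, req.form), sid

    def login_hardened(self, req: Request) -> Tuple[int, str]:
        """Hardened: refuse cross-origin POSTs and require the token that was
        issued to this (pre-login) session."""
        sid, sess = self.session_for(req)
        origin = req.headers.get("Origin")
        if origin is not None and origin != SITE_ORIGIN:
            return 403, sid
        token = req.form.get("csrf", "")
        if not hmac.compare_digest(token, sess.csrf_token):
            return 403, sid
        return self._authenticate(sess, req.form), sid


def forged_login(server: Server, handler_name: str) -> Tuple[int, Optional[str]]:
    """Victim browser loads an attacker page that auto-submits a login form with
    the attacker's credentials. Browsers add Origin to cross-site POSTs, and the
    attacker cannot read the token inside the victim's session."""
    victim_sid, _ = server.session_for(Request(form={}))   # victim already has a pre-auth session
    req = Request(
        form={"username": "mallory", "password": "mallory-pw"},
        headers={"Origin": ATTACKER_ORIGIN},
        cookies={"sid": victim_sid},
    )
    status, sid = getattr(server, handler_name)(req)
    return status, server.sessions[sid].user


def genuine_login(server: Server, handler_name: str) -> Tuple[int, Optional[str]]:
    """The site's own form: same origin, token copied from the session."""
    sid, sess = server.session_for(Request(form={}))
    req = Request(
        form={"username": "alice", "password": "alice-pw", "csrf": sess.csrf_token},
        headers={"Origin": SITE_ORIGIN},
        cookies={"sid": sid},
    )
    status, sid = getattr(server, handler_name)(req)
    return status, server.sessions[sid].user


if __name__ == "__main__":
    print("vulnerable, forged:", forged_login(Server(), "login_vulnerable"))   # (302, 'mallory')
    print("hardened, forged:  ", forged_login(Server(), "login_hardened"))     # (403, None)
    print("hardened, genuine: ", genuine_login(Server(), "login_hardened"))    # (302, 'alice')
```

The forged request succeeds against the vulnerable handler even though the victim supplied nothing: the attacker's own credentials are valid, and the only thing being forged is which browser the session lands in. The hardened handler needs both checks: the Origin comparison covers browsers that send the header, and the session-bound token covers requests where it is absent, including a browser with no session yet, which simply receives a fresh session whose token the attacker never saw.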

Scores

CVSS v3 3.5
EPSS 0.0006
EPSS Percentile 17.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Classification

CWE
CWE-352
Status published

Affected Products (3)

jenkins/jenkins < 2.528.3 (LTS line)
jenkins/jenkins < 2.541 (weekly line)
org.jenkins-ci.main/jenkins-core < 2.541 (Maven)
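Deciding whether a given instance falls in the ranges above is slightly awkward because the LTS and weekly lines are numbered on different schemes: LTS 2.528.3 is fixed while weekly 2.530, numerically higher, is not. The check below is an added example, not a Jenkins tool; it reads the version Jenkins reports in its X-Jenkins response header (the response text is constructed) and compares it against the two fix versions listed above.

```python
"""Check a Jenkins version string against the affected ranges of
CVE-2025-67639. Added example, not a Jenkins tool. The HTTP response head
below is constructed; Jenkins reports its version in the X-Jenkins header."""
import re
from typing import Optional, Tuple

# Fix versions from the affected-products list: weekly 2.541, LTS 2.528.3.
FIXED_WEEKLY = (2, 541)
FIXED_LTS = (2, 528, 3)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.540' -> (2, 540); '2.528.2' -> (2, 528, 2). Jenkins weekly
    releases carry two components, LTS releases three."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a Jenkins version: {text!r}")
    return tuple(int(p) for p in m.groups() if p is not None)


def is_affected(version: str) -> bool:
    """True when the version is inside an affected range. LTS and weekly
    lines are compared separately against their own fix version."""
    v = parse_version(version)
    if len(v) == 3:              # LTS: 2.528.2 and earlier are affected
        return v < FIXED_LTS
    return v < FIXED_WEEKLY      # weekly: 2.540 and earlier are affected


def version_from_response(raw: str) -> Optional[str]:
    """Pull the X-Jenkins header value out of raw HTTP response headers."""
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-jenkins":
            return value.strip()
    return None


def check_response(raw: str) -> Optional[bool]:
    """None when no X-Jenkins header is present, else is_affected()."""
    v = version_from_response(raw)
    return None if v is None else is_affected(v)


# Constructed response head, as 'curl -sI https://jenkins.example/' might show.
SAMPLE_RESPONSE = (
    "HTTP/1.1 403 Forbidden\r\n"
    "X-Jenkins: 2.528.2\r\n"
    "Content-Type: text/html;charset=utf-8\r\n"
    "\r\n"
)


if __name__ == "__main__":
    for v in ["2.528.2", "2.528.3", "2.530", "2.540", "2.541"]:
        print(v, "affected" if is_affected(v) else "fixed")
    print("sample response affected:", check_response(SAMPLE_RESPONSE))   # True
```

Note that a version older than the 2.528 LTS line (for example a 2.516.x release) is still reported as affected, which matches the description's "LTS 2.528.2 and earlier"; the check only tells you the core version, and an administrator can suppress the header, so treat a missing header as unknown rather than fixed.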

Timeline

Published Dec 10, 2025
Tracked Since Feb 18, 2026