VYPR
Moderate severityNVD Advisory· Published Mar 5, 2025· Updated Mar 6, 2025

CVE-2025-27625

CVE-2025-27625

Description

In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (\) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.main:jenkins-coreMaven
< 2.492.22.492.2
org.jenkins-ci.main:jenkins-coreMaven
>= 2.493, < 2.5002.500

Affected products

4

Patches

Vulnerability mechanics

References

4

News mentions

1