Moderate severityNVD Advisory· Published Mar 5, 2025· Updated Mar 6, 2025
CVE-2025-27625
CVE-2025-27625
Description
In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (\) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | < 2.492.2 | 2.492.2 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.493, < 2.500 | 2.500 |
Affected products
4- osv-coords3 versions
< 2.492.3-r4+ 2 more
- (no CPE)range: < 2.492.3-r4
- (no CPE)range: >= 2.493.0, < 2.504.1
- (no CPE)range: < 2.492.2
- Range: 2.492.2
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-8hmv-92wm-39chghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-27625ghsaADVISORY
- www.jenkins.io/security/advisory/2025-03-05/ghsavendor-advisoryWEB
- github.com/jenkinsci/jenkins/commit/4a9a3ecd08fc00d2f1c1125be789d8be24f02c9eghsaWEB
News mentions
1- Jenkins Security Advisory 2025-03-05Jenkins Security Advisories · Mar 5, 2025