Unrated severityNVD Advisory· Published Apr 10, 2025· Updated Apr 10, 2025

CVE-2025-32754

Description

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Jenkins Project/ssh-agentllm-create
Range: <=6.11.1
Jenkins Project/Jenkins jenkins/ssh-agent Docker imagesv5
Range: 0

Patches

Vulnerability mechanics

References

www.jenkins.io/security/advisory/2025-04-10/mitrevendor-advisory

News mentions

Jenkins Security Advisory 2025-04-10
Jenkins Security Advisories · Apr 10, 2025

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000