Unrated severityNVD Advisory· Published Apr 10, 2025· Updated Apr 10, 2025

CVE-2025-32755

Description

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Jenkins Project/ssh-slavellm-create
Jenkins Project/Jenkins jenkins/ssh-slave Docker imagesv5
Range: alpine

Patches

Vulnerability mechanics

References

www.jenkins.io/security/advisory/2025-04-10/mitrevendor-advisory

News mentions

Jenkins Security Advisory 2025-04-10
Jenkins Security Advisories · Apr 10, 2025

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000