Medium severity4.3NVD Advisory· Published May 14, 2025· Updated Jun 17, 2026
CVE-2025-47886
CVE-2025-47886
Description
A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.plugins:vmanager-pluginMaven | < 4.0.1-288.v8804b_ea_a_cb_7f | 4.0.1-288.v8804b_ea_a_cb_7f |
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-5w52-96jj-fv59ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-47886ghsaADVISORY
- www.jenkins.io/security/advisory/2025-05-14/nvdVendor AdvisoryWEB
- github.com/jenkinsci/vmanager-plugin/pull/25ghsaWEB
- github.com/jenkinsci/vmanager-plugin/releases/tag/4.0.1-288.v8804b_ea_a_cb_7fghsaWEB
News mentions
1- Jenkins Security Advisory 2025-05-14Jenkins Security Advisories · May 14, 2025