High severity8.2NVD Advisory· Published Jul 9, 2025· Updated Jun 17, 2026
CVE-2025-53652
CVE-2025-53652
Description
Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.tools:git-parameterMaven | < 444.vca | 444.vca |
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-qcj2-99cg-mppfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-53652ghsaADVISORY
- www.jenkins.io/security/advisory/2025-07-09/nvdVendor AdvisoryWEB
- www.openwall.com/lists/oss-security/2025/07/09/4nvdWEB
News mentions
1- Jenkins Security Advisory 2025-07-09Jenkins Security Advisories · Jul 9, 2025