Moderate severityNVD Advisory· Published Sep 17, 2025· Updated Nov 4, 2025
CVE-2025-59474
CVE-2025-59474
Description
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | < 2.516.3 | 2.516.3 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.517, < 2.528 | 2.528 |
Affected products
24- osv-coords23 versionspkg:apk/chainguard/jenkins-2pkg:apk/chainguard/jenkins-2.516pkg:apk/chainguard/jenkins-2.516-openjdk-17pkg:apk/chainguard/jenkins-2.516-openjdk-21pkg:apk/chainguard/jenkins-2-openjdk-17pkg:apk/chainguard/jenkins-2-openjdk-21pkg:apk/chainguard/jenkins-compatpkg:apk/chainguard/jenkins-docker-agentpkg:apk/chainguard/jenkins-docker-agent-openjdk-17pkg:apk/chainguard/jenkins-docker-agent-openjdk-21pkg:apk/chainguard/jenkins-remotingpkg:apk/chainguard/jenkins-utilspkg:apk/wolfi/jenkins-2pkg:apk/wolfi/jenkins-2-openjdk-17pkg:apk/wolfi/jenkins-2-openjdk-21pkg:apk/wolfi/jenkins-compatpkg:apk/wolfi/jenkins-docker-agentpkg:apk/wolfi/jenkins-docker-agent-openjdk-17pkg:apk/wolfi/jenkins-docker-agent-openjdk-21pkg:apk/wolfi/jenkins-remotingpkg:apk/wolfi/jenkins-utilspkg:bitnami/jenkinspkg:maven/org.jenkins-ci.main/jenkins-core
< 2.528-r0+ 22 more
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.516.3-r0
- (no CPE)range: < 2.516.3-r0
- (no CPE)range: < 2.516.3-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.516.3
- (no CPE)range: < 2.516.3
- Range: 0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-67v4-38h7-9jjpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-59474ghsaADVISORY
- www.jenkins.io/security/advisory/2025-09-17/ghsavendor-advisoryWEB
- www.openwall.com/lists/oss-security/2025/09/17/1ghsaWEB
News mentions
1- Jenkins Security Advisory 2025-09-17Jenkins Security Advisories · Sep 17, 2025