Moderate severityNVD Advisory· Published Sep 17, 2025· Updated Nov 4, 2025
CVE-2025-59475
CVE-2025-59475
Description
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu (e.g., whether Credentials Plugin is installed).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | < 2.516.3 | 2.516.3 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.517, < 2.528 | 2.528 |
Affected products
24- osv-coords23 versionspkg:apk/chainguard/jenkins-2pkg:apk/chainguard/jenkins-2.516pkg:apk/chainguard/jenkins-2.516-openjdk-17pkg:apk/chainguard/jenkins-2.516-openjdk-21pkg:apk/chainguard/jenkins-2-openjdk-17pkg:apk/chainguard/jenkins-2-openjdk-21pkg:apk/chainguard/jenkins-compatpkg:apk/chainguard/jenkins-docker-agentpkg:apk/chainguard/jenkins-docker-agent-openjdk-17pkg:apk/chainguard/jenkins-docker-agent-openjdk-21pkg:apk/chainguard/jenkins-remotingpkg:apk/chainguard/jenkins-utilspkg:apk/wolfi/jenkins-2pkg:apk/wolfi/jenkins-2-openjdk-17pkg:apk/wolfi/jenkins-2-openjdk-21pkg:apk/wolfi/jenkins-compatpkg:apk/wolfi/jenkins-docker-agentpkg:apk/wolfi/jenkins-docker-agent-openjdk-17pkg:apk/wolfi/jenkins-docker-agent-openjdk-21pkg:apk/wolfi/jenkins-remotingpkg:apk/wolfi/jenkins-utilspkg:bitnami/jenkinspkg:maven/org.jenkins-ci.main/jenkins-core
< 2.528-r0+ 22 more
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.516.3-r0
- (no CPE)range: < 2.516.3-r0
- (no CPE)range: < 2.516.3-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.528-r0
- (no CPE)range: < 2.516.3
- (no CPE)range: < 2.516.3
- Range: 2.516.3
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-223m-4rfp-646hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-59475ghsaADVISORY
- www.jenkins.io/security/advisory/2025-09-17/ghsavendor-advisoryWEB
- www.openwall.com/lists/oss-security/2025/09/17/1ghsaWEB
News mentions
1- Jenkins Security Advisory 2025-09-17Jenkins Security Advisories · Sep 17, 2025