
CVE-2025-27625
Good to know:

Date: March 5, 2025
In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash ("\") characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects.
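The parsing behaviour described above, as an added example (not Jenkins code and not the Jenkins fix): Node's `URL` class implements the WHATWG URL Standard that browsers follow, so it can show a prefix-only check accepting backslash-led targets that resolve to another origin, beside a stricter check. The host names and the functions `resolvesOffSite`, `naiveIsSafe` and `strictIsSafe` are hypothetical.

```javascript
// Added illustration; origin and redirect targets below are constructed.
const BASE = "https://jenkins.example.test/";

// Resolve a redirect target against the site origin the way a browser
// resolves a relative Location header, and report whether it leaves the site.
function resolvesOffSite(target, base = BASE) {
  try {
    return new URL(target, base).origin !== new URL(base).origin;
  } catch {
    return true; // unparseable input is treated as unsafe
  }
}

// Prefix-only check: rejects "scheme:" and "//host", nothing else.
// Backslash-led targets pass, which is the weakness class described above.
function naiveIsSafe(target) {
  return !target.startsWith("//") && !/^[a-z][a-z0-9+.-]*:/i.test(target);
}

// Stricter check: refuse backslashes and control characters outright,
// then confirm by resolution that the target stays on the same origin.
function strictIsSafe(target) {
  if (typeof target !== "string" || target === "") return false;
  if (/[\\\u0000-\u001f\u007f]/.test(target)) return false;
  if (target.startsWith("//")) return false;
  if (/^[a-z][a-z0-9+.-]*:/i.test(target)) return false;
  return !resolvesOffSite(target);
}

// Constructed sample targets, written as JavaScript string literals.
const samples = [
  "/job/build/",                 // ordinary site-relative path
  "\\\\other-site.example.test", // two backslashes, parsed like "//host"
  "/\\other-site.example.test",  // slash + backslash, parsed like "//host"
  " //other-site.example.test",  // leading space is stripped by the parser
];

for (const t of samples) {
  console.log(JSON.stringify(t), {
    naive: naiveIsSafe(t),
    strict: strictIsSafe(t),
    offSite: resolvesOffSite(t),
  });
}
```
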
Weakness Type (CWE)
URL Redirection to Untrusted Site ('Open Redirect')
CWE-601
Top Fix

Upgrade Version
Upgrade to version org.jenkins-ci.main:jenkins-core:2.492.2; org.jenkins-ci.main:jenkins-core:2.500
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | LOW |
| Availability (A): | NONE |