Home > Vulnerability Database > CVE-2025-67639

Mend.io Vulnerability Database

CVE-2025-67639

Good to know:

Date: December 10, 2025

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.

Severity Score

3.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-67639

Url: https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-1166

Url: https://github.com/jenkinsci/jenkins

Url: https://github.com/jenkinsci/jenkins/commit/31598feb0aa514d8978d2c27a4c9a5a9b8d80a57

Url: https://www.mend.io/vulnerability-database/CVE-2025-67639

Severity Score

3.5

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.main:jenkins-core:2.541;org.jenkins-ci.main:jenkins-core:2.528.3;https://github.com/jenkinsci/jenkins.git - jenkins-2.528.3;https://github.com/jenkinsci/jenkins.git - jenkins-2.541

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-67639

Good to know:

Date: December 10, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?