CVE-2025-27625 — Vulnetix

CVE-2025-27625 PUBLISHED

In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (`\`) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects.

EPSS 0.27% · 50.7th percentile

Risk Scores

EPSS Score

0.27%

50.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	jenkins	2.493.0
Bitnami	jenkins	2.493.0

Timeline

Mar 5, 2025 CVE Published
Mar 6, 2025 EPSS Score
Mar 6, 2025 PoC Published
Mar 6, 2025 CVE Updated
Mar 9, 2025 Coalition ESS Score
Mar 20, 2025 EPSS Score
Apr 3, 2025 EPSS Score
Apr 16, 2025 EPSS Score
Apr 30, 2025 EPSS Score
May 14, 2025 EPSS Score
May 28, 2025 EPSS Score
Jun 10, 2025 EPSS Score

References

https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3501 url
https://nvd.nist.gov/vuln/detail/CVE-2025-27625 url

Open in Interactive Console →