CVE-2025-31721 — Vulnetix

CVE-2025-31721 PUBLISHED

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.

EPSS 0.09% · 26.0th percentile

Risk Scores

EPSS Score

0.09%

26.0th percentile

Affected Products

Vendor	Product	Versions
Bitnami	jenkins	0, 2.493.0
Bitnami	jenkins	0, 2.493.0

Timeline

Apr 2, 2025 CVE Published
Apr 2, 2025 Coalition ESS Score
Apr 2, 2025 Coalition ESS Score
Apr 2, 2025 PoC Published
Apr 2, 2025 PoC Published
Apr 3, 2025 EPSS Score
Apr 16, 2025 EPSS Score
Apr 29, 2025 EPSS Score
May 11, 2025 EPSS Score
May 22, 2025 Coalition ESS Score
May 24, 2025 EPSS Score
Jun 6, 2025 EPSS Score

References

https://nvd.nist.gov/vuln/detail/CVE-2025-31721 url
https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3513 url

Open in Interactive Console →