CVE-2025-59474 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-59474 PUBLISHED

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget.

EPSS 0.13% · 31.9th percentile

Risk Scores

EPSS Score

0.13%

31.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	jenkins	0, 2.517.0
Bitnami	jenkins	0, 2.517.0

Timeline

Jan 21, 1970 CrowdSec Sighting
Jun 10, 2021 CrowdSec Sighting
Jul 20, 2023 CrowdSec Sighting
Oct 15, 2023 CrowdSec Sighting
Nov 23, 2023 CrowdSec Sighting
May 4, 2025 CrowdSec Sighting
Jun 28, 2025 CrowdSec Sighting
Sep 17, 2025 CVE Published
Sep 18, 2025 EPSS Score
Sep 23, 2025 PoC Published
Sep 24, 2025 EPSS Score
Sep 26, 2025 EPSS Score

References

Open in Interactive Console →