VDB
CVE-2025-59475
CVE-2025-59475
PUBLISHED
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu (e.g., whether Credentials Plugin is installed).
EPSS 0.03% · 10.5th percentile
Risk Scores
EPSS Score
0.03%
10.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | jenkins | 0, 2.517.0 |
| Bitnami | jenkins | 0, 2.517.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-59475 (circl-sighting)
- http://www.openwall.com/lists/oss-security/2025/09/17/1 (circl)
- Jenkins Security Advisory 2025-09-17 (circl)
Timeline
- Sep 17, 2025 CVE Published
- Sep 17, 2025 PoC Published
- Sep 18, 2025 EPSS Score
- Sep 25, 2025 EPSS Score
- Oct 2, 2025 EPSS Score
- Oct 9, 2025 EPSS Score
- Oct 16, 2025 EPSS Score
- Oct 23, 2025 EPSS Score
- Oct 30, 2025 EPSS Score
- Nov 5, 2025 CVE Updated
- Nov 6, 2025 EPSS Score
- Nov 13, 2025 EPSS Score