VDB
CVE-2025-67635
CVE-2025-67635
PUBLISHED
Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.
EPSS 0.18% · 39.2th percentile
Risk Scores
EPSS Score
0.18%
39.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | jenkins | 2.529.0, 0 |
| Bitnami | jenkins | 0, 2.529.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-67635 (circl-sighting)
- Jenkins Security Advisory 2025-12-10 (circl)
- cve-2026-27099.sh (github-poc)
- cve-2026-27099.sh (github-poc)
- cve-2026-27099.sh (github-poc)
- cve-2026-27099.sh (github-poc)
- cve-2026-27099.sh (github-poc)
- cve-2026-27099.sh (github-poc)
Timeline
- Dec 10, 2025 CVE Published
- Dec 11, 2025 EPSS Score
- Dec 12, 2025 PoC Published
- Dec 15, 2025 EPSS Score
- Dec 19, 2025 EPSS Score
- Dec 23, 2025 EPSS Score
- Dec 28, 2025 EPSS Score
- Jan 1, 2026 EPSS Score
- Jan 5, 2026 EPSS Score
- Jan 9, 2026 EPSS Score
- Jan 13, 2026 EPSS Score
- Jan 17, 2026 EPSS Score