CVE-2025-67635 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-67635 PUBLISHED

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.

EPSS 0.12% · 30.2th percentile

Risk Scores

EPSS Score

0.12%

30.2th percentile

Affected Products

Vendor	Product	Versions
Bitnami	jenkins	2.529.0, 0
Bitnami	jenkins	0, 2.529.0

Timeline

Dec 10, 2025 CVE Published
Dec 11, 2025 EPSS Score
Dec 12, 2025 PoC Published
Dec 15, 2025 EPSS Score
Dec 17, 2025 CVE Updated
Dec 18, 2025 EPSS Score
Dec 22, 2025 EPSS Score
Dec 25, 2025 EPSS Score
Dec 29, 2025 EPSS Score
Jan 2, 2026 EPSS Score
Jan 5, 2026 EPSS Score
Jan 9, 2026 EPSS Score

References

Open in Interactive Console →