CVE-2025-67639 PUBLISHED

Assigner: jenkins
Reserved: 09.12.2025 Published: 10.12.2025 Updated: 10.12.2025

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.

Product Status

Vendor	Jenkins Project
Product	Jenkins
Versions	Default: affected unaffected from 2.541 to * (excl.) unaffected from 2.528.3 to 2.528.* (excl.)

References

Jenkins Security Advisory 2025-12-10