CloudBees · Jenkins · CVE-2025-67635
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions 2.540 and earlier
Jenkins LTS versions 2.528.2 and earlier
**Description**
Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted. This can allow unauthenticated attackers to cause a denial of service.
**Recommendations**
Update Jenkins to a version later than 2.540.
Update Jenkins LTS to a version later than 2.528.2.