Cloudbees · Jenkins · CVE-2025-59476
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions 2.527 and earlier
Jenkins LTS versions 2.516.2 and earlier
**Description**
Jenkins does not restrict or transform characters inserted from user-specified content in log messages. This allows attackers who can control log message contents to insert line break characters, followed by forged log messages that may mislead administrators reviewing log output.
**Recommendations**
Update Jenkins to a version later than 2.527.
Update Jenkins LTS to a version later than 2.516.2.