PT-2025-21239 · Jenkins · Jenkins Cadence Vmanager Plugin

Vincent Lardet · Published 2025-05-14 · Updated 2025-06-12 · CVE-2025-47886

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Jenkins Cadence vManager Plugin versions 4.0.1-286.v9e25a_740b_a_48 and earlier

Description: A cross-site request forgery (CSRF) issue allows attackers to connect to an attacker-specified URL using an attacker-specified username and password. This can be exploited by attackers to perform unauthorized actions.

Recommendations: For Jenkins Cadence vManager Plugin versions 4.0.1-286.v9e25a_740b_a_48 and earlier, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to sensitive URLs and credentials to minimize the risk of unauthorized connections.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-47886
GHSA-5W52-96JJ-FV59

Affected Products

Jenkins
Jenkins Cadence Vmanager Plugin