PT-2025-38153 · Cloudbees+2 · Jenkins+1

Manuel Fernandez

Published

2025-09-17

Updated

2025-10-22

CVE-2025-59476

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.527 and earlier Jenkins LTS versions 2.516.2 and earlier

Description Jenkins does not restrict or transform characters inserted from user-specified content in log messages. This allows attackers who can control log message contents to insert line break characters, followed by forged log messages that may mislead administrators reviewing log output.

Recommendations Update Jenkins to a version later than 2.527. Update Jenkins LTS to a version later than 2.516.2.

Fix

DoS

Improper Access Control

Special Elements Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-74CWE-117CWE-20

Related Identifiers

BDU:2025-13362

BDU:2025-13363

BIT-JENKINS-2025-59476

CVE-2025-59476

GHSA-QRH5-JG98-CR48

Affected Products

Jenkins

Red Os

PT-2025-38153 · Cloudbees+2 · Jenkins+1

CVE-2025-59476

Weakness Enumeration

Related Identifiers

Affected Products

References · 13