PT-2025-44283 · Unknown+1 · Jdepend Maven Plugin+2
Published 2025-10-29 · Updated 2025-10-29 · CVE-2025-64134
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins JDepend Plugin versions 1.3.1 and earlier
Description
The Jenkins JDepend Plugin bundles an outdated version of the JDepend Maven Plugin whose XML parser is not configured securely. Because the parser is left with its default settings, a crafted XML document can trigger an XML external entity (XXE) attack. An XXE attack can potentially allow an attacker to access sensitive information or execute arbitrary code.
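The root cause named above is an XML parser left at its defaults, so the mitigation on the developer side is to configure the parser before it touches any report. The following is an added example, not code from the Jenkins JDepend Plugin or the JDepend Maven Plugin: it shows a JAXP DocumentBuilderFactory hardened against XXE and runs it over two constructed sample reports (the JDepend-style element names, the entity name and the class name are assumptions). The report carrying a DOCTYPE is rejected before any entity can be resolved; the plain report parses normally.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import java.io.StringReader;

public class HardenedXmlParser {

    // Constructed sample: a JDepend-style XML report that carries a DOCTYPE with an
    // (internal, harmless) entity. A parser at default settings accepts it and expands
    // the entity; the hardened parser below refuses any DOCTYPE at all, which is what
    // closes the door on external entities as well.
    static final String REPORT_WITH_DOCTYPE =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE JDepend [ <!ENTITY pkg \"com.example\"> ]>\n" +
        "<JDepend><Packages><Package name=\"&pkg;\"/></Packages></JDepend>";

    // Constructed sample: the same report without a DOCTYPE, as a well-behaved tool
    // would emit it.
    static final String PLAIN_REPORT =
        "<?xml version=\"1.0\"?>\n" +
        "<JDepend><Packages><Package name=\"com.example\"/></Packages></JDepend>";

    /** Factory configured so that DTDs and external entities are never resolved. */
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Primary control: reject DOCTYPE declarations outright. No DTD, no entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that do not honour the feature above.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // JAXP 1.5+: forbid all external DTD and schema access at the factory level.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return f;
    }

    /** Returns the root element name, or null when the hardened parser refused the input. */
    static String parseRootName(String xml) throws Exception {
        DocumentBuilder builder = hardenedFactory().newDocumentBuilder();
        try {
            Document doc = builder.parse(new InputSource(new StringReader(xml)));
            return doc.getDocumentElement().getTagName();
        } catch (SAXParseException e) {
            // disallow-doctype-decl raises a fatal error for any DOCTYPE; log and refuse.
            System.err.println("rejected report: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("plain report root:   " + parseRootName(PLAIN_REPORT));
        System.out.println("doctype report root: " + parseRootName(REPORT_WITH_DOCTYPE));
    }
}
```

Two points a reviewer would check: the factory is configured once, before `newDocumentBuilder()`, since features set afterwards have no effect on builders already created; and the features are set via `setFeature`, which throws `ParserConfigurationException` if the underlying parser does not support them, so a silently unsupported control fails loudly instead of leaving the parser open.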
Recommendations
Update the Jenkins JDepend Plugin to a version newer than 1.3.1.
Fix
XXE
Affected Products
Jdepend Maven Plugin
Jenkins
Jenkins Jdepend Plugin