CVE-2025-67635

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.540 and earlier Jenkins LTS versions 2.528.2 and earlier

Description Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted. This can allow unauthenticated attackers to cause a denial of service.

Recommendations Update Jenkins to a version later than 2.540. Update Jenkins LTS to a version later than 2.528.2.

Fix

DoS

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

BDU:2025-15959

BIT-JENKINS-2025-67635

CVE-2025-67635

GHSA-9P56-P6MW-W8QC

Affected Products

Jenkins

Red Os

CVE-2025-67635

Weakness Enumeration

Related Identifiers

Affected Products

References · 17