CVE-2025-47889 — CRITICAL (9.8)

Q: How severe is CVE-2025-47889?

CVE-2025-47889 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-47889?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Wso2 Oauth.

Vulnerability Description

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Jenkins	Wso2 Oauth	<= 1.0

Related Weaknesses (CWE)

CWE-287

References

https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3481Vendor Advisory

FAQ

What is CVE-2025-47889?

CVE-2025-47889 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers usin...

How severe is CVE-2025-47889?

CVE-2025-47889 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-47889?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Wso2 Oauth.