CVE-2025-59476 — MEDIUM (5.3)

Q: How severe is CVE-2025-59476?

CVE-2025-59476 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-59476?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins.

Vulnerability Description

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may mislead administrators reviewing log output.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Jenkins	Jenkins	< 2.516.3

Related Weaknesses (CWE)

CWE-117

References

FAQ

What is CVE-2025-59476?

CVE-2025-59476 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control lo...

How severe is CVE-2025-59476?

CVE-2025-59476 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-59476?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins.