CVE-2025-67639 — LOW (3.5) — White Hats Nepal

Q: What is CVE-2025-67639?

CVE-2025-67639 is a vulnerability with a CVSS score of 3.5 (LOW). A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.

Q: How severe is CVE-2025-67639?

CVE-2025-67639 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-67639?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins.

Vulnerability Description

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Jenkins	Jenkins	< 2.528.3

Related Weaknesses (CWE)

CWE-352

References

https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-1166Vendor Advisory

FAQ

What is CVE-2025-67639?

CVE-2025-67639 is a vulnerability with a CVSS score of 3.5 (LOW). A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.

How severe is CVE-2025-67639?

CVE-2025-67639 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-67639?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins.