CVE-2025-32754

Published Apr 10, 2025

Last updated 2 months ago

Overview

Description
In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version to use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.
Source
jenkinsci-cert@googlegroups.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-338

Social media

Hype score
Not currently trending
  1. 🔴 Jenkins/ssh-agent #Docker Image, SSH Host Key Reuse, #CVE-2025-32754 (Critical) https://t.co/Mm8cdF3Fi4

    @dailycve, 4 May 2025

    24 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  2. 🚨 Critical Jenkins Docker vulnerabilities (CVE-2025-32754 & CVE-2025-32755) expose your CI/CD to MITM attacks via shared SSH keys. Know the risks & how to fix them → https://t.co/xgao2l3PAb #DevSecOps #Docker #CVE #Jenkins #CyberSecurity

    @threatsbank, 14 Apr 2025

    7 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  3. SSH host key reuse vulnerability in Jenkins Docker images (CVE-2025-32754, CVE-2025-32755) #セキュリティ対策Lab #セキュリティ #Security https://t.co/9XHAOZhmPk

    @securityLab_jp, 14 Apr 2025

    58 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  4. Jenkins Host key reuse in SSH build agent Docker images (CVE-2025-32754 and CVE-2025-32755) #CVE202532754 #CVE202532755 #CyberSecurity #Jenkins https://t.co/U1VTYVQhS7 https://t.co/xsCuZBpecZ

    @SystemTek_UK, 12 Apr 2025

    28 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  5. A vulnerability in Jenkins Docker images (CVE-2025-32754, CVE-2025-32755) allows SSH host key reuse, enabling attackers to intercept and modify build processes. Update to jenkins/ssh-agent 6.11.2 to mitigate. https://t.co/UB1DzhrIuc

    @the_yellow_fall, 11 Apr 2025

    2497 Impressions, 21 Retweets, 64 Likes, 18 Bookmarks, 0 Replies, 0 Quotes

  6. 🚨 CVE-2025-32754 ⚠️🔴 CRITICAL (9.1) 🏢 Jenkins Project - Jenkins jenkins/ssh-agent Docker images 🏗️ 0 🔗 https://t.co/dgWohTQa2R #CyberCron #VulnAlert #InfoSec https://t.co/O66jRw06vh

    @cybercronai, 10 Apr 2025

    12 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

Configurations

References

Sources include official advisories and independent security research.