AI description
CVE-2025-47889 affects the WSO2 Oauth Plugin version 1.0 and earlier for Jenkins. The vulnerability stems from the plugin's security realm accepting authentication claims without proper validation. This lack of validation allows unauthenticated attackers to log in to Jenkins controllers using any username and password, even if those usernames don't actually exist. Successful exploitation could lead to unauthorized access to Jenkins controllers.
- Description: In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.
- Source: jenkinsci-cert@googlegroups.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Hype score: Not currently trending
Top 5 Trending CVEs: 1 - CVE-2024-45332 2 - CVE-2025-4427 3 - CVE-2025-47889 4 - CVE-2025-4664 5 - CVE-2023-41992 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 May 2025
⚡️The vulnerability details are now available: https://t.co/TBdJTFdQ03 🚨🚨Jenkins Plugin Flaws Expose Critical Risks CVE-2025-47889: Authentication Bypass in WSO2 Oauth Plugin (CVSS 9.8) CVE-2025-47884: Build Token Impersonation via OpenID Connect Provider Plugin (CVSS
@zoomeye_team
16 May 2025
Jenkins Plugin Flaws Expose Critical Risks: CVE-2025-47889 Hits 9.8 CVSS with Auth Bypass https://t.co/LIYjXTPU0Z
@Dinosn
16 May 2025
Jenkins Plugin Flaws Expose Critical Risks: CVE-2025-47889 Hits 9.8 CVSS with Auth Bypass https://t.co/MsggZqiuq4
@the_yellow_fall
16 May 2025