CVE-2025-53652
Published Jul 9, 2025
Last updated 2 months ago
AI description
CVE-2025-53652 is a security vulnerability in the Jenkins Git Parameter Plugin, affecting versions 439.vb_0e46ca_14534 and earlier. The vulnerability arises because the plugin fails to validate that the Git parameter value submitted to the build matches one of the offered choices. This missing input validation allows attackers with Item/Build permission to inject arbitrary values into Git parameters. The vulnerability can enable attackers to bypass intended restrictions on Git parameter values. This could lead to unauthorized access to Git resources or potential manipulation of build processes. The vulnerability has been fixed in Git Parameter Plugin version 444.vca_b_84d3703c2, which implements proper validation to ensure that the Git parameter value submitted to the build matches one of the offered choices.
- Description: Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.
- Source: jenkinsci-cert@googlegroups.com
- NVD status: Analyzed
- Products: git_parameter
CVSS 3.1
- Type: Secondary
- Base score: 8.2
- Impact score: 4.2
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Severity: HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-20
- Hype score: Not currently trending
🚨Alert🚨 CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input Vulnerability 🔥PoC :https://t.co/OtDyjQ4dLf 📊236.5K Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/oI9MCc8udL 👇Query HUNTER : https://t.co/q9rtuGfZuz="Jen
@HunterMapping
13 Aug 2025
6300 Impressions
23 Retweets
82 Likes
41 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨 CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input Vulnerability 🔥POC :https://t.co/OtDyjQ4LAN 📊236.5K Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/oI9MCc923j 👇Query HUNTER : https://t.co/q9rtuGgxk7="Jen
@HunterMapping
13 Aug 2025
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Command Injection in Jenkins via Git Parameter (CVE-2025-53652) | Blog | VulnCheck https://t.co/5w4vn4MmDZ
@Enlace_Geek
12 Aug 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-53652: Jenkins Servers at Risk from RCE Vulnerability 🎯580K+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/d3A6p8X6S7 FOFA Query:app="Jenkins" Query from the refer: body="Jenkins-Crumb" && icon_hash="8158
@fofabot
11 Aug 2025
7284 Impressions
42 Retweets
142 Likes
62 Bookmarks
1 Reply
1 Quote
🚨🚨CVE-2025-53652 (CVSS 9.8): Burk Technology ARC Solo allows password changes via HTTP endpoint without authentication. Attackers can take full control of the device with a single request! Search by vul.cve Filter👉vul.cve="CVE-2025-53652" ZoomEye Dork👉app="ARC Solo"
@zoomeye_team
11 Aug 2025
2054 Impressions
8 Retweets
21 Likes
9 Bookmarks
0 Replies
0 Quotes
🚨 Urgent Security Alert! 15,000 Jenkins servers are at critical risk from a new RCE vulnerability (CVE-2025-53652). Act fast to protect your systems! #JenkinsSecurity #CyberAttack https://t.co/CYKi0FGOPc
@xcybersecnews
11 Aug 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652) #cybersecurity #cloud #privacy https://t.co/FyYC64H9lP
@NRG_fx
9 Aug 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
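More than 15,000 Jenkins servers are exposed to the risk of the remote code execution vulnerability CVE-2025-53652. CVE-2025-53652 is a vulnerability in the Jenkins Git Parameter plugin; it was initially rated as "medium" severity, but arbitrary code exec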
@__kokumoto
9 Aug 2025
1186 Impressions
8 Retweets
10 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-53652 : A critical command injection flaw in the Jenkins Git Parameter plugin. Exposed 15,000 Jenkins Servers at Risk from RCE Vulnerability https://t.co/r4lc6MP7ll
@freedomhack101
9 Aug 2025
92 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652) https://t.co/e3SmZqKZXP
@Dinosn
9 Aug 2025
9271 Impressions
35 Retweets
131 Likes
61 Bookmarks
0 Replies
3 Quotes
CVE-2025-53652 (CVSS:8.2, HIGH) is Awaiting Analysis. Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to..https://t.co/AOgI6XpkTn #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Jul 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53652 Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices,… https://t.co/auxVP5TFQp
@CVEnew
10 Jul 2025
257 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-53652 Git Parameter Injection in Jenkins Plugin (≤439.vb_0e46ca_14534). Attacker with Item/Build rights can inject arbitrary Git input. 🗓️ Published 2025-07-09 📊 CVSS 8.2 (High) ⚠️ CWE-20 🔗 Read our full report @ https://t.co/V0d7jZYWom #info
@BaseFortify
10 Jul 2025
25 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53652 Jenkins Git Parameter Plugin Unvalidated Git Parameter Injection Vulnera... https://t.co/RVeNR2a6JR Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
10 Jul 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jenkins:git_parameter:*:*:*:*:*:jenkins:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B13D3F26-3F64-4185-8560-213AA36DF7E6",
            "versionEndExcluding": "444.vca_b_84d3703c2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]