CVE-2025-53652

Published Jul 9, 2025

Last updated 8 months ago

CVSS high 8.2
Jenkins Git Parameter Plugin

Overview

Description
Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.

Source: jenkinsci-cert@googlegroups.com
NVD status: Analyzed
Products: git_parameter

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.2
Impact score: 4.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-20

Social media

Hype score: Not currently trending

  1. 🚨Alert🚨 CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input Vulnerability 🔥PoC :https://t.co/OtDyjQ4dLf 📊236.5K Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/oI9MCc8udL 👇Query HUNTER : https://t.co/q9rtuGfZuz="Jen

    @HunterMapping

    13 Aug 2025

    6300 Impressions

    23 Retweets

    82 Likes

    41 Bookmarks

    1 Reply

    0 Quotes

  2. 🚨Alert🚨 CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input Vulnerability 🔥POC :https://t.co/OtDyjQ4LAN 📊236.5K Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/oI9MCc923j 👇Query HUNTER : https://t.co/q9rtuGgxk7="Jen

    @HunterMapping

    13 Aug 2025

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Command Injection in Jenkins via Git Parameter (CVE-2025-53652) | Blog | VulnCheck https://t.co/5w4vn4MmDZ

    @Enlace_Geek

    12 Aug 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️⚠️ CVE-2025-53652: Jenkins Servers at Risk from RCE Vulnerability 🎯580K+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/d3A6p8X6S7 FOFA Query:app="Jenkins" Query from the refer: body="Jenkins-Crumb" && icon_hash="8158

    @fofabot

    11 Aug 2025

    7284 Impressions

    42 Retweets

    142 Likes

    62 Bookmarks

    1 Reply

    1 Quote

  5. 🚨🚨CVE-2025-53652 (CVSS 9.8): Burk Technology ARC Solo allows password changes via HTTP endpoint without authentication. Attackers can take full control of the device with a single request! Search by vul.cve Filter👉vul.cve="CVE-2025-53652" ZoomEye Dork👉app="ARC Solo"

    @zoomeye_team

    11 Aug 2025

    2054 Impressions

    8 Retweets

    21 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Urgent Security Alert! 15,000 Jenkins servers are at critical risk from a new RCE vulnerability (CVE-2025-53652). Act fast to protect your systems! #JenkinsSecurity #CyberAttack https://t.co/CYKi0FGOPc

    @xcybersecnews

    11 Aug 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652) #cybersecurity #cloud #privacy https://t.co/FyYC64H9lP

    @NRG_fx

    9 Aug 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

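  8. More than 15,000 Jenkins servers are exposed to risk from the remote code execution vulnerability CVE-2025-53652. CVE-2025-53652 is a vulnerability in the Jenkins Git Parameter plugin that was initially rated "medium" severity, but arbitrary code exec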

    @__kokumoto

    9 Aug 2025

    1186 Impressions

    8 Retweets

    10 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-53652 : A critical command injection flaw in the Jenkins Git Parameter plugin. Exposed 15,000 Jenkins Servers at Risk from RCE Vulnerability https://t.co/r4lc6MP7ll

    @freedomhack101

    9 Aug 2025

    92 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652) https://t.co/e3SmZqKZXP

    @Dinosn

    9 Aug 2025

    9271 Impressions

    35 Retweets

    131 Likes

    61 Bookmarks

    0 Replies

    3 Quotes

  11. CVE-2025-53652 (CVSS:8.2, HIGH) is Awaiting Analysis. Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to..https://t.co/AOgI6XpkTn #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    14 Jul 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-53652 Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices,… https://t.co/auxVP5TFQp

    @CVEnew

    10 Jul 2025

    257 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 CVE-2025-53652 Git Parameter Injection in Jenkins Plugin (≤439.vb_0e46ca_14534). Attacker with Item/Build rights can inject arbitrary Git input. 🗓️ Published 2025-07-09 📊 CVSS 8.2 (High) ⚠️ CWE-20 🔗 Read our full report @ https://t.co/V0d7jZYWom #info

    @BaseFortify

    10 Jul 2025

    25 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-53652 Jenkins Git Parameter Plugin Unvalidated Git Parameter Injection Vulnera... https://t.co/RVeNR2a6JR Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    10 Jul 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.