Vulnerabilities

CVE-2025-27625

by Fred · 05/03/2025

In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (“) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects.

More information : https://www.jenkins.io/security/advisory/2025-03-05/#SECURITY-3501

Similar

Tags: Cybersecurity Alert