CVE-2025-47889 · CRITICAL 9.8 · EPSS percentile 43.7%


Description

In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.60% probability of exploitation · percentile 43.7% · 2026-06-19T12:03:05Z
Published: 2025-05-14
Last modified: 2025-06-12

Underlying weaknesses · 1

CWE-287

References

  1. https://www.jenkins.io/security/advisory/2025-05-14/#SECURITY-3481

Type | Target | Confidence | Tier
Weakness | Improper Authentication (cwe-287) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · CVE-2025-47884
CVE · CVE-2025-10611
CVE · CVE-2025-24399
CVE · CVE-2026-48926
CVE · CVE-2026-48917
CVE · CVE-2025-24398
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.