CVE-2025-53652 · HIGH 8.2 · EPSS p44.9%

Description

Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.

Scoring

CVSS 3.1: 8.2 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS: 0.62% probability of exploitation · percentile 44.9% · 2026-06-19T12:03:05Z
Published: 2025-07-09
Last modified: 2025-11-04

Underlying weaknesses · 1

CWE-20

References

  1. https://www.jenkins.io/security/advisory/2025-07-09/#SECURITY-3419
  2. http://www.openwall.com/lists/oss-security/2025/07/09/4

Type | Target | Confidence | Tier
Weakness | Improper Input Validation (cwe-20) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-24398
  2. CVE-2026-53442
  3. CVE-2026-53438
  4. CVE-2026-48926
  5. CVE-2025-64140
  6. CVE-2026-42523

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.