CVE-2025-59475
📋 TL;DR
This vulnerability in Jenkins allows authenticated attackers without Overall/Read permission to obtain limited information about Jenkins configuration through the user profile dropdown menu. Attackers can see which plugins are installed (like Credentials Plugin), potentially aiding reconnaissance for further attacks. All Jenkins instances running affected versions are vulnerable.
💻 Affected Systems
- Jenkins
📦 What is this software?
Jenkins by Jenkins
⚠️ Risk & Real-World Impact
Worst Case
Attackers gather configuration intelligence to plan targeted attacks, potentially discovering vulnerable plugins or misconfigurations that could lead to privilege escalation or data exposure.
Likely Case
Limited information disclosure about installed plugins and Jenkins configuration, enabling attackers to identify potential attack vectors for follow-up exploitation.
If Mitigated
Minimal impact with proper access controls, as attackers would only see menu options but not access sensitive data directly.
🎯 Exploit Status
Exploitation requires authenticated access but no special permissions. Simple UI interaction reveals information.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Jenkins 2.528, LTS 2.516.3
Vendor Advisory: https://www.jenkins.io/security/advisory/2025-09-17/#SECURITY-3625
Restart Required: No
Instructions:
1. Back up your Jenkins instance.
2. Update Jenkins to version 2.528 or later (or LTS 2.516.3 or later).
3. Verify that the update completed successfully.
🔧 Temporary Workarounds
Restrict user access
Limit authenticated user access to trusted individuals only and implement strict permission controls.
🧯 If You Can't Patch
- Implement network segmentation to isolate Jenkins from untrusted networks
- Enforce strict authentication and authorization policies, minimizing user permissions
🔍 How to Verify
Check if Vulnerable:
Check the Jenkins version via Manage Jenkins > About Jenkins. If the version is 2.527 or earlier (or LTS 2.516.2 or earlier), the instance is vulnerable.
Check Version:
java -jar jenkins.war --version
Verify Fix Applied:
After updating, verify version is 2.528 or later (or LTS 2.516.3 or later). Test that users without Overall/Read permission cannot see configuration options in profile dropdown.
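A helper that applies the version rule above to the output of `java -jar jenkins.war --version`, added here as an example and not taken from the Jenkins project. It treats a three-component version (2.516.3) as LTS and a two-component one (2.528) as weekly, because the two lines must be compared separately: weekly 2.527 is numerically above LTS 2.516.3 yet still vulnerable.

```python
import re
import subprocess
from typing import Tuple

# Fixed releases named in the advisory: weekly 2.528, LTS 2.516.3.
FIXED_WEEKLY = (2, 528)
FIXED_LTS = (2, 516, 3)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(raw: str) -> Tuple[bool, Tuple[int, ...]]:
    """Parse a Jenkins version string into (is_lts, numeric tuple).

    LTS releases carry three components, weekly releases two. A suffix
    such as '-SNAPSHOT' is dropped before parsing.
    """
    m = _VERSION_RE.match(raw.strip().split("-")[0])
    if not m:
        raise ValueError(f"unrecognised Jenkins version string: {raw!r}")
    major, minor, patch = m.groups()
    if patch is None:
        return False, (int(major), int(minor))
    return True, (int(major), int(minor), int(patch))


def is_vulnerable(raw: str) -> bool:
    """True when the version predates the fix for SECURITY-3625."""
    is_lts, ver = parse_version(raw)
    return ver < FIXED_LTS if is_lts else ver < FIXED_WEEKLY


def check_war(war_path: str = "jenkins.war") -> bool:
    """Run the version command on a local war file and apply the rule.

    The last non-empty line of the output is taken as the version, so
    JVM warnings printed before it do not break parsing.
    """
    out = subprocess.run(["java", "-jar", war_path, "--version"],
                         capture_output=True, text=True, check=True).stdout
    lines = [ln for ln in out.splitlines() if ln.strip()]
    return is_vulnerable(lines[-1])


if __name__ == "__main__":
    # Constructed sample version strings, not output from a real instance.
    for v in ("2.527", "2.528", "2.516.2", "2.516.3", "2.504.3"):
        print(f"{v:>8}: {'VULNERABLE' if is_vulnerable(v) else 'fixed'}")
```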
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to user profile endpoints by low-privileged users
Network Indicators:
- HTTP requests to /user/[username]/dropdownMenu by unauthorized users
SIEM Query:
source="jenkins.log" AND "dropdownMenu" AND user_privilege="low"