CVE-2025-59476 – This vulnerability allows attackers who can con... (How to Fix)

Q: What is the severity of CVE-2025-59476?

CVE-2025-59476 has a CVSS score of 5.3 (MEDIUM). This vulnerability allows attackers who can control log message content in Jenkins to insert line break characters followed by forged log messages. This could mislead administrators reviewing log output by making malicious entries appear legitimate. Affects Jenkins 2.527 and earlier, and LTS 2.516.2 and earlier.

📋 TL;DR

This vulnerability allows attackers who can control log message content in Jenkins to insert line break characters followed by forged log messages. This could mislead administrators reviewing log output by making malicious entries appear legitimate. Affects Jenkins 2.527 and earlier, and LTS 2.516.2 and earlier.

💻 Affected Systems

Products:

Jenkins

Versions: Jenkins 2.527 and earlier, LTS 2.516.2 and earlier

Operating Systems: All platforms running affected Jenkins versions

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default logging configuration. Attackers need ability to control log message content, which may require plugin access or compromised accounts.

📦 What is this software?

Jenkins by Jenkins

View all CVEs affecting Jenkins →

Jenkins by Jenkins

View all CVEs affecting Jenkins →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could forge critical log entries to hide real attacks, misdirect investigations, or create false alerts that trigger unnecessary actions.

🟠

Likely Case

Attackers with existing access could insert misleading log entries to cover tracks or create confusion during incident response.

🟢

If Mitigated

With proper log review procedures and integrity controls, forged entries would be detected as anomalies.

🌐 Internet-Facing: MEDIUM - Requires attacker to control log message content, which typically requires some level of access.

🏢 Internal Only: MEDIUM - Same risk applies internally if attackers gain access to log injection capabilities.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to inject content into log messages, which typically requires authenticated access or plugin vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Jenkins 2.528, LTS 2.516.3

Vendor Advisory: https://www.jenkins.io/security/advisory/2025-09-17/#SECURITY-3424

Restart Required: No

Instructions:

1. Backup Jenkins configuration and data. 2. Upgrade to Jenkins 2.528 or LTS 2.516.3. 3. Verify upgrade completed successfully. 4. Monitor logs for any anomalies.

🔧 Temporary Workarounds

Log sanitization filter

all

Implement custom log filtering to strip or escape line break characters from user-controlled content

Implement custom LogFilter extension in Jenkins

🧯 If You Can't Patch

Implement strict access controls to limit who can write to logs
Deploy log integrity monitoring to detect forged entries

🔍 How to Verify

Check if Vulnerable:

Check Jenkins version via Manage Jenkins > About Jenkins or via CLI: java -jar jenkins.war --version

Check Version:

java -jar jenkins.war --version

Verify Fix Applied:

Verify version is 2.528 or higher (or LTS 2.516.3 or higher) and test log injection attempts are properly sanitized

📡 Detection & Monitoring

Log Indicators:

Unusual line break patterns in logs
Log entries with mismatched timestamps or sources
Suspicious log content following line breaks

Network Indicators:

None specific to this vulnerability

SIEM Query:

source="jenkins.log" AND (message="\n\n" OR message="\r\n")

📊 Metadata

CVE ID: CVE-2025-59476

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE: CWE-117

EPSS Score: 0.07% exploit probability (20th percentile)

Published: September 17, 2025

Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-59476, you might also want to check these: