Login Sign Up

CVE-2025-64133

5.4 MEDIUM
CSRF

📋 TL;DR

A CSRF vulnerability in Jenkins Extensible Choice Parameter Plugin allows attackers to trick authenticated users into executing sandboxed Groovy code. This affects Jenkins administrators and users with configuration permissions who visit malicious web pages while logged into Jenkins.

💻 Affected Systems

Products:
  • Jenkins Extensible Choice Parameter Plugin
Versions: 239.v5f5c278708cf and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Jenkins administrator or user with configuration permissions to be logged in and visit malicious page.

📦 What is this software?

Extensible Choice Parameter by Jenkins

View all CVEs affecting Extensible Choice Parameter →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could execute arbitrary Groovy code within Jenkins sandbox constraints, potentially leading to data exposure, configuration changes, or further privilege escalation.

🟠

Likely Case

Attackers could modify job configurations, steal credentials stored in Jenkins, or disrupt CI/CD pipelines through unauthorized changes.

🟢

If Mitigated

With proper CSRF protections and network segmentation, impact is limited to authenticated users who interact with malicious content while logged in.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires social engineering to trick authenticated users into visiting malicious web pages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 240.v5f5c278708cf or later

Vendor Advisory: https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3583

Restart Required: No

Instructions:

1. Navigate to Jenkins Manage Jenkins > Plugin Manager. 2. Check for updates to Extensible Choice Parameter Plugin. 3. Update to version 240.v5f5c278708cf or later. 4. No restart required.

🔧 Temporary Workarounds

Enable CSRF Protection

all

Ensure Jenkins CSRF protection is enabled in global security settings

Restrict Plugin Access

all

Limit configuration permissions to trusted administrators only

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Jenkins from untrusted networks
  • Educate users about CSRF risks and safe browsing practices while logged into Jenkins

🔍 How to Verify

Check if Vulnerable:

Check plugin version in Jenkins Manage Jenkins > Plugin Manager > Installed tab

Check Version:

curl -s http://jenkins-host/pluginManager/api/json?depth=1 | grep -o '"shortName":"extensible-choice-parameter","version":"[^"]*"'

Verify Fix Applied:

Verify Extensible Choice Parameter Plugin version is 240.v5f5c278708cf or later

📡 Detection & Monitoring

Log Indicators:

  • Unusual Groovy script execution in Jenkins logs
  • Unexpected configuration changes to Extensible Choice Parameter

Network Indicators:

  • CSRF token validation failures in web server logs
  • Unexpected POST requests to Jenkins configuration endpoints

SIEM Query:

source="jenkins.log" AND ("extensible-choice-parameter" OR "CSRF") AND ("error" OR "unauthorized")

📊 Metadata

CVE ID: CVE-2025-64133
CVSS v3 Score: 5.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CWE: CWE-352
EPSS Score: 0.02% exploit probability (4.1th percentile)
Published: October 29, 2025
Last Updated: December 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-64133, you might also want to check these:

CVE-2025-23922 10.0

A Cross-Site Request Forgery (CSRF) vulnerability in the Harsh iSpring Embedder WordPress plugin all...

Same vulnerability type (CWE-352)
CVE-2020-23426 9.8

CVE-2020-23426 is a privilege escalation vulnerability in zzcms 201910 that allows attackers to gain...

Same vulnerability type (CWE-352)
CVE-2024-33449 9.8

This SSRF vulnerability in PDFMyURL allows attackers to make the service send requests to internal s...

Same vulnerability type (CWE-352)