SB2025072955 - Missing input validation in Jenkins Git Parameter plugin
Published: July 29, 2025
Security Bulletin ID
SB2025072955
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2025-53652)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected application does not validate that the Git parameter value submitted to the build matches one of the offered choices. A remote user can inject arbitrary values into Git parameters.
Remediation
Install update from vendor's website.