Main Vulnerability Database Vulnerabilities #VU113404

#VU113404 Path traversal in HTML Publisher - CVE-2025-53651

Published: July 29, 2025

Vulnerability identifier: #VU113404

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-53651

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
HTML Publisher

Software vendor:
Jenkins

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to the affected application displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step. A remote user can read arbitrary files on the system.

Remediation

Install updates from vendor's website.

External links

https://jenkins.io/security/advisory/2025-07-09/

#VU113404 Path traversal in HTML Publisher - CVE-2025-53651

Description

Remediation

External links

Please verify you're human