CVE-2025-53652
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-53652. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1Attack Vector Metrics
Impact Metrics
Description
Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.
Available Exploits
Related News
A new report by VulnCheck exposes a critical command injection flaw (CVE-2025-53652) in the Jenkins Git Parameter plugin.…
Affected Products
Affected Versions:
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
EPSS Score
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: July 9, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check
GHSA-qcj2-99cg-mppfAdvisory Details
Affected Packages
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: July 9, 2025, Modified: July 9, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
Command Injection in Jenkins via Git Parameter (CVE-2025-53652) | Blog | VulnCheck
15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)
🔥 Top 10 Trending CVEs (12/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-32724](https://nvd.nist.gov/vuln/detail/CVE-2025-32724)** - 📝 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability - 📅 **Published:** 10/06/2025 - 📈 **CVSS:** 7.5 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C - 📣 **Mentions:** 4 - ⚠️ …
🔥 Top 10 Trending CVEs (11/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-49760](https://nvd.nist.gov/vuln/detail/CVE-2025-49760)** - 📝 Windows Storage Spoofing Vulnerability - 📅 **Published:** 08/07/2025 - 📈 **CVSS:** 3.5 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C - 📣 **Mentions:** 4 - ⚠️ **Priority:** 4 - 📝 **Analysis:** A …
🔥 Top 10 Trending CVEs (10/08/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-8088](https://nvd.nist.gov/vuln/detail/CVE-2025-8088)** - 📝 A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the …
15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)
Command Injection in Jenkins via Git Parameter (CVE-2025-53652) | Blog | VulnCheck