High-Severity Jenkins Vulnerability Allows Unauthenticated DoS via HTTP CLI

Posted on By CWS

Patches launched by Jenkins deal with a major denial-of-service (DoS) vulnerability affecting tens of millions of organizations.

That depend on the favored automation server for steady integration and deployment pipelines. A high-severity vulnerability in Jenkins variations 2.540 and earlier (LTS 2.528.2 and earlier).

Allows unauthenticated attackers to set off denial of service assaults by means of the HTTP-based command-line interface.

Vulnerability Overview

The vulnerability stems from improper connection dealing with when HTTP CLI streams turn out to be corrupted.

Permitting malicious actors to exhaust server assets with out requiring authentication credentials. The flaw exists in Jenkins’s connection administration logic.

When an HTTP-based CLI connection stream turns into corrupted, the appliance fails to correctly shut the connection.

AttributeValueCVE IDCVE-2025-67635Vendor / ProjectJenkinsVulnerability TypeDenial of Service (DoS) by way of HTTP-based CLICVSS Base ScoreHighCVSS VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HAttack VectorNetwork (HTTP-based CLI)DescriptionImproper closing of corrupted HTTP-based CLI connections permits unauthenticated DoS by exhausting threads.

This permits attackers to ship specifically crafted connection requests that trigger request-handling threads to attend indefinitely. Successfully freezing assets and stopping reliable visitors from being processed.

As a result of the vulnerability requires no authentication and could be exploited remotely over the community.

It poses a direct threat to Jenkins installations uncovered to untrusted networks or the general public web.

Attackers can repeatedly set off this situation, accumulating threads till the server turns into unresponsive.

Organizations should improve instantly to Jenkins 2.541 or LTS 2.528.3. Which embody patches that correctly shut HTTP-based CLI connections when stream corruption happens.

The fastened variations restore regular useful resource cleanup and forestall thread exhaustion assaults.

Safety groups ought to prioritize patching all Jenkins deployments, significantly internet-facing cases.

Monitor methods for uncommon connection patterns or thread rely anomalies which may point out lively exploitation makes an attempt.

Observe us on Google Information, LinkedIn, and X to Get Extra Instantaneous Updates, Set CSN as a Most well-liked Supply in Google.

Cyber Security News Tags:, , , , , ,

Related Posts

11,000 Android Devices Hacked by Chinese Threats Actors to Deploy PlayPraetor Malware Cyber Security News
Exposed ‘Kim’ Dump Exposes Kimsuky Hackers New Tactics, Techniques, and Infrastructure Cyber Security News
Hackers Reportedly Demand Google Fire Two Employees, Threaten Data Leak Cyber Security News
Building a Cyber-Resilient Organization in 2025 Cyber Security News
Sophisticated Skitnet Malware Actively Adopted by Ransomware Gangs to Streamline Operations Cyber Security News
ASUS Armoury Crate Vulnerability Let Attackers Escalate to System User on Windows Machine Cyber Security News