High-Severity Jenkins Vulnerability Allows Unauthenticated DoS via HTTP CLI

High-Severity Jenkins Vulnerability Allows Unauthenticated DoS via HTTP CLI

Posted on By CWS

Patches launched by Jenkins deal with a major denial-of-service (DoS) vulnerability affecting tens of millions of organizations.

That depend on the favored automation server for steady integration and deployment pipelines. A high-severity vulnerability in Jenkins variations 2.540 and earlier (LTS 2.528.2 and earlier).

Allows unauthenticated attackers to set off denial of service assaults by means of the HTTP-based command-line interface.

Vulnerability Overview

The vulnerability stems from improper connection dealing with when HTTP CLI streams turn out to be corrupted.

Permitting malicious actors to exhaust server assets with out requiring authentication credentials. The flaw exists in Jenkins’s connection administration logic.

When an HTTP-based CLI connection stream turns into corrupted, the appliance fails to correctly shut the connection.

AttributeValueCVE IDCVE-2025-67635Vendor / ProjectJenkinsVulnerability TypeDenial of Service (DoS) by way of HTTP-based CLICVSS Base ScoreHighCVSS VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HAttack VectorNetwork (HTTP-based CLI)DescriptionImproper closing of corrupted HTTP-based CLI connections permits unauthenticated DoS by exhausting threads.

This permits attackers to ship specifically crafted connection requests that trigger request-handling threads to attend indefinitely. Successfully freezing assets and stopping reliable visitors from being processed.

As a result of the vulnerability requires no authentication and could be exploited remotely over the community.

It poses a direct threat to Jenkins installations uncovered to untrusted networks or the general public web.

Attackers can repeatedly set off this situation, accumulating threads till the server turns into unresponsive.

Organizations should improve instantly to Jenkins 2.541 or LTS 2.528.3. Which embody patches that correctly shut HTTP-based CLI connections when stream corruption happens.

The fastened variations restore regular useful resource cleanup and forestall thread exhaustion assaults.

Safety groups ought to prioritize patching all Jenkins deployments, significantly internet-facing cases.

Monitor methods for uncommon connection patterns or thread rely anomalies which may point out lively exploitation makes an attempt.

Observe us on Google Information, LinkedIn, and X to Get Extra Instantaneous Updates, Set CSN as a Most well-liked Supply in Google.

Cyber Security News Tags:, , , , , ,

Related Posts

Android 16 Comes with Advanced Device-level Security Setting Protection for 3 Billion Devices Android 16 Comes with Advanced Device-level Security Setting Protection for 3 Billion Devices Cyber Security News
Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk Cyber Security News
What Is Out-of-Bounds Read and Write Vulnerability? What Is Out-of-Bounds Read and Write Vulnerability? Cyber Security News
Odyssey Stealer Escalates Threats to macOS Users Odyssey Stealer Escalates Threats to macOS Users Cyber Security News
Scattered Lapsus$ Hunters Registered 40+ Domains Mimicking Zendesk Environments Scattered Lapsus$ Hunters Registered 40+ Domains Mimicking Zendesk Environments Cyber Security News
Hackers Exploit ComfyUI 700+ AI Image Generation Servers to Deploy Malware Hackers Exploit ComfyUI 700+ AI Image Generation Servers to Deploy Malware Cyber Security News