High-Severity Jenkins Vulnerability Allows Unauthenticated DoS via HTTP CLI

High-Severity Jenkins Vulnerability Allows Unauthenticated DoS via HTTP CLI

Posted on By CWS

Patches launched by Jenkins deal with a major denial-of-service (DoS) vulnerability affecting tens of millions of organizations.

That depend on the favored automation server for steady integration and deployment pipelines. A high-severity vulnerability in Jenkins variations 2.540 and earlier (LTS 2.528.2 and earlier).

Allows unauthenticated attackers to set off denial of service assaults by means of the HTTP-based command-line interface.

Vulnerability Overview

The vulnerability stems from improper connection dealing with when HTTP CLI streams turn out to be corrupted.

Permitting malicious actors to exhaust server assets with out requiring authentication credentials. The flaw exists in Jenkins’s connection administration logic.

When an HTTP-based CLI connection stream turns into corrupted, the appliance fails to correctly shut the connection.

AttributeValueCVE IDCVE-2025-67635Vendor / ProjectJenkinsVulnerability TypeDenial of Service (DoS) by way of HTTP-based CLICVSS Base ScoreHighCVSS VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HAttack VectorNetwork (HTTP-based CLI)DescriptionImproper closing of corrupted HTTP-based CLI connections permits unauthenticated DoS by exhausting threads.

This permits attackers to ship specifically crafted connection requests that trigger request-handling threads to attend indefinitely. Successfully freezing assets and stopping reliable visitors from being processed.

As a result of the vulnerability requires no authentication and could be exploited remotely over the community.

It poses a direct threat to Jenkins installations uncovered to untrusted networks or the general public web.

Attackers can repeatedly set off this situation, accumulating threads till the server turns into unresponsive.

Organizations should improve instantly to Jenkins 2.541 or LTS 2.528.3. Which embody patches that correctly shut HTTP-based CLI connections when stream corruption happens.

The fastened variations restore regular useful resource cleanup and forestall thread exhaustion assaults.

Safety groups ought to prioritize patching all Jenkins deployments, significantly internet-facing cases.

Monitor methods for uncommon connection patterns or thread rely anomalies which may point out lively exploitation makes an attempt.

Observe us on Google Information, LinkedIn, and X to Get Extra Instantaneous Updates, Set CSN as a Most well-liked Supply in Google.

Cyber Security News Tags:, , , , , ,

Related Posts

SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups Cyber Security News
Critical RDS Vulnerability Patched Amid Active Exploits Critical RDS Vulnerability Patched Amid Active Exploits Cyber Security News
OpenSSH 10.3 Addresses Key Security Vulnerabilities OpenSSH 10.3 Addresses Key Security Vulnerabilities Cyber Security News
Critical Zoom Clients for Windows Vulnerability Lets Attackers Escalate Privileges Critical Zoom Clients for Windows Vulnerability Lets Attackers Escalate Privileges Cyber Security News
TAG-150 Hackers Deploying Self-Developed Malware Families to Attack Organizations TAG-150 Hackers Deploying Self-Developed Malware Families to Attack Organizations Cyber Security News
North Korean Hackers Exploiting npm, GitHub, and Vercel to Deliver OtterCookie Malware North Korean Hackers Exploiting npm, GitHub, and Vercel to Deliver OtterCookie Malware Cyber Security News