High-Severity Jenkins Vulnerability Allows Unauthenticated DoS via HTTP CLI

High-Severity Jenkins Vulnerability Allows Unauthenticated DoS via HTTP CLI

Posted on By CWS

Patches launched by Jenkins deal with a major denial-of-service (DoS) vulnerability affecting tens of millions of organizations.

That depend on the favored automation server for steady integration and deployment pipelines. A high-severity vulnerability in Jenkins variations 2.540 and earlier (LTS 2.528.2 and earlier).

Allows unauthenticated attackers to set off denial of service assaults by means of the HTTP-based command-line interface.

Vulnerability Overview

The vulnerability stems from improper connection dealing with when HTTP CLI streams turn out to be corrupted.

Permitting malicious actors to exhaust server assets with out requiring authentication credentials. The flaw exists in Jenkins’s connection administration logic.

When an HTTP-based CLI connection stream turns into corrupted, the appliance fails to correctly shut the connection.

AttributeValueCVE IDCVE-2025-67635Vendor / ProjectJenkinsVulnerability TypeDenial of Service (DoS) by way of HTTP-based CLICVSS Base ScoreHighCVSS VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HAttack VectorNetwork (HTTP-based CLI)DescriptionImproper closing of corrupted HTTP-based CLI connections permits unauthenticated DoS by exhausting threads.

This permits attackers to ship specifically crafted connection requests that trigger request-handling threads to attend indefinitely. Successfully freezing assets and stopping reliable visitors from being processed.

As a result of the vulnerability requires no authentication and could be exploited remotely over the community.

It poses a direct threat to Jenkins installations uncovered to untrusted networks or the general public web.

Attackers can repeatedly set off this situation, accumulating threads till the server turns into unresponsive.

Organizations should improve instantly to Jenkins 2.541 or LTS 2.528.3. Which embody patches that correctly shut HTTP-based CLI connections when stream corruption happens.

The fastened variations restore regular useful resource cleanup and forestall thread exhaustion assaults.

Safety groups ought to prioritize patching all Jenkins deployments, significantly internet-facing cases.

Monitor methods for uncommon connection patterns or thread rely anomalies which may point out lively exploitation makes an attempt.

Observe us on Google Information, LinkedIn, and X to Get Extra Instantaneous Updates, Set CSN as a Most well-liked Supply in Google.

Cyber Security News Tags:, , , , , ,

Related Posts

Top User Access Management Tools for 2026 Top User Access Management Tools for 2026 Cyber Security News
“AI-Induced Destruction” – Helpful Tools Become Accidental Weapons “AI-Induced Destruction” – Helpful Tools Become Accidental Weapons Cyber Security News
MathWorks Confirms Cyberattack, User Personal Information Stolen MathWorks Confirms Cyberattack, User Personal Information Stolen Cyber Security News
76 Zero-day Vulnerabilities Uncovered by Hackers on Pwn2Own Automotive 2026 76 Zero-day Vulnerabilities Uncovered by Hackers on Pwn2Own Automotive 2026 Cyber Security News
Threat Actors Leverages DeepSeek-R1 Popularity to Attack Users Running Windows Devices Threat Actors Leverages DeepSeek-R1 Popularity to Attack Users Running Windows Devices Cyber Security News
Microsoft’s Copilot Disclaimer Sparks Security Debate Microsoft’s Copilot Disclaimer Sparks Security Debate Cyber Security News