logo

Database

Improper control of interaction frequency In org.jenkins-ci.main:cli

Description

Jenkins has a Denial of service vulnerability in HTTP-based CLI Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-676352. NVD-2025-676353. OSV-2025-676354. GCVE-2025-67635

References

1. https://github.com/jenkinsci/jenkins/commit/efa1816322026f2b9235a27eee814bcc7ba0a7642. https://fluidattacks.com/blog/unauth-dos-in-jenkins-cli3. https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.