How the CVE Works
CVE-2025-47885 is a stored cross-site scripting (XSS) vulnerability in the Jenkins Health Advisor by CloudBees Plugin, versions 374.v194b_d4f0c8c8 and earlier. The plugin does not escape the responses it receives from the Jenkins Health Advisor service before rendering them in the Jenkins UI. An attacker who can control those responses, either by compromising the Health Advisor service or by intercepting the connection between Jenkins and that service, can embed JavaScript in them. Because the plugin stores the responses and displays them to administrators, the script runs in an administrator's browser session with that administrator's privileges. From there the attacker can issue requests on the administrator's behalf (changing jobs, reading credentials, or running Groovy in the script console), and script-console access on Jenkins amounts to code execution on the controller.
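The rendering mistake behind the advisory, shown as an added example in Python rather than the plugin's own Jelly/Java code: a constructed Health Advisor response is rendered once without escaping and once through html.escape, and a small HTMLParser-based scanner reports which output a browser would execute. The JSON field names, the sample response and the scanner are assumptions for illustration and are not taken from the plugin.

```python
"""Added example (not the plugin's code): how an unescaped Health Advisor
response becomes stored XSS, and what the hardened rendering looks like.

Assumptions: the service's JSON field names and the sample response are
constructed for illustration; the real plugin renders through Jelly/Java.
"""
import html
import json
from html.parser import HTMLParser

# Constructed response, as a compromised or intercepted advisor service could send it.
# The handler targets the Jenkins script console instead of reading document.cookie:
# Jenkins marks its session cookie HttpOnly, so injected script acts with the
# administrator's session but cannot read the cookie itself.
MALICIOUS_RESPONSE = json.dumps({
    "title": "Plugin update recommended",
    "detail": "<img src=x onerror=\"fetch('/script')\">",
})


def render_unescaped(response_text: str) -> str:
    """Vulnerable: server-controlled strings are interpolated straight into page markup."""
    data = json.loads(response_text)
    return f"<div class='advisor'><h3>{data['title']}</h3><p>{data['detail']}</p></div>"


def render_escaped(response_text: str) -> str:
    """Hardened: every field is HTML-escaped (quotes included) before it reaches the page."""
    data = json.loads(response_text)
    title = html.escape(str(data.get("title", "")), quote=True)
    detail = html.escape(str(data.get("detail", "")), quote=True)
    return f"<div class='advisor'><h3>{title}</h3><p>{detail}</p></div>"


class ActiveContentScanner(HTMLParser):
    """Records markup a browser would execute: script-like tags, on* handlers, javascript: URLs."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append(f"<{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"<{tag} {name}=...>")
            elif name in ("href", "src", "action") and value and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"<{tag} {name}=javascript:...>")


def active_content(fragment: str) -> list[str]:
    """Return the executable constructs found in an HTML fragment (empty list means inert)."""
    scanner = ActiveContentScanner()
    scanner.feed(fragment)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for name, render in (("unescaped", render_unescaped), ("escaped", render_escaped)):
        out = render(MALICIOUS_RESPONSE)
        print(f"{name}: {out}\n  active content: {active_content(out)}")
```

The escaped output still shows the attacker's text to the administrator, but as literal characters: the `<` becomes `&lt;` and the parser never sees an `img` element, so the `onerror` handler never exists. That is the entire fix class the advisory calls for: escape at the point where service output meets the page, not at the point where it is fetched.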
DailyCVE Form
Platform: Jenkins
Version: ≤ 374.v194b_d4f0c8c8
Vulnerability: Stored XSS
Severity: Critical
Date: 06/12/2025
Prediction: Patch by 07/10/2025
What Undercode Say:
Exploitation:
1. Craft Malicious Payload:
<img src=x onerror="alert(document.cookie)">
A bare JavaScript statement such as alert(document.cookie); is not an injection on its own; it has to arrive inside a tag or event handler that the unescaped rendering turns into live markup. Jenkins also marks its session cookie HttpOnly, so document.cookie will not reveal it; a realistic payload instead sends requests with the administrator's session (for example to the script console at /script).
2. Intercept/Modify Health Advisor Responses:
Use a proxy such as Burp Suite or a MITM framework positioned between Jenkins and the Health Advisor service to insert the payload into the unescaped fields of the JSON/HTML responses. This requires either control of the service itself or defeating TLS on that connection; there is no user-facing input path, which is why the attacker must control the service responses.
Detection:
Check the installed plugin version rather than grepping the plugins directory for a string. From the plugin archive on disk (the file is .hpi on some older installs):
unzip -p "$JENKINS_HOME/plugins/cloudbees-jenkins-advisor.jpi" META-INF/MANIFEST.MF | grep -i '^Plugin-Version'
Or from the Jenkins script console:
Jenkins.instance.pluginManager.getPlugin('cloudbees-jenkins-advisor')?.version
Any version up to and including 374.v194b_d4f0c8c8 is affected.
Mitigation:
1. Temporary Workaround:
Disable the plugin via the Jenkins CLI. Its short name is cloudbees-jenkins-advisor, the CLI needs a user and API token (API_TOKEN below is a placeholder), and the change only takes effect after a restart:
java -jar jenkins-cli.jar -s http://localhost:8080/ -auth admin:API_TOKEN disable-plugin cloudbees-jenkins-advisor -restart
2. Patch Monitoring:
Watch the Jenkins security advisory list (https://www.jenkins.io/security/advisories/) and the update center for a release newer than 374.v194b_d4f0c8c8. Query update-center.actual.json, which is plain JSON; the update-center.json variant is JSONP-wrapped and jq cannot parse it directly:
curl -s https://updates.jenkins.io/update-center.actual.json | jq '.plugins."cloudbees-jenkins-advisor".version'
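A check that ties the detection and patch-monitoring steps together, as an added example in Python (not Jenkins or CloudBees code): it reads Plugin-Version from a plugin manifest, compares it against the affected ceiling using the ordering Jenkins applies to its incremental version strings (numeric tokens compare as integers and outrank a v<hash> qualifier in the same position), and reads the current release for the plugin out of update-center.actual.json. The manifest excerpt and update-center JSON are constructed samples, and the plugin short name cloudbees-jenkins-advisor is assumed from the update center; point the functions at the live manifest and the live JSON to use them.

```python
"""Added example (not Jenkins' or CloudBees' code): is the installed Health Advisor
by CloudBees plugin in the affected range (374.v194b_d4f0c8c8 and earlier)?

Assumptions: the plugin short name is cloudbees-jenkins-advisor; the manifest
and update-center texts below are constructed samples standing in for
$JENKINS_HOME/plugins/cloudbees-jenkins-advisor/META-INF/MANIFEST.MF and
https://updates.jenkins.io/update-center.actual.json.
"""
import json

PLUGIN_ID = "cloudbees-jenkins-advisor"
AFFECTED_CEILING = "374.v194b_d4f0c8c8"   # last affected version per the advisory

# Constructed MANIFEST.MF excerpt (manifests use CRLF line endings).
SAMPLE_MANIFEST = (
    "Manifest-Version: 1.0\r\n"
    "Short-Name: cloudbees-jenkins-advisor\r\n"
    "Plugin-Version: 374.v194b_d4f0c8c8\r\n"
)

# Constructed update-center.actual.json excerpt; the live file lists the current release.
SAMPLE_UPDATE_CENTER = json.dumps({
    "plugins": {PLUGIN_ID: {"name": PLUGIN_ID, "version": "374.v194b_d4f0c8c8"}}
})


def manifest_version(manifest_text: str) -> str:
    """Extract the Plugin-Version header from a MANIFEST.MF body."""
    for line in manifest_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Plugin-Version":
            return value.strip()
    raise ValueError("Plugin-Version header not found")


def version_key(version: str) -> list:
    """Sort key for Jenkins incremental versions such as 374.v194b_d4f0c8c8 or 374.376.vabc:
    dot-separated tokens; a numeric token compares as an integer and outranks a
    non-numeric (v<hash>) token at the same position; with an equal prefix the longer
    version is newer. This mirrors hudson.util.VersionNumber for this scheme only
    (qualifiers such as alpha/beta/SNAPSHOT are not handled)."""
    key = []
    for token in version.split("."):
        if token.isdigit():
            key.append((1, int(token), ""))
        else:
            key.append((0, 0, token))
    return key


def is_affected(installed: str, ceiling: str = AFFECTED_CEILING) -> bool:
    """True when the installed version is at or below the last affected release."""
    return version_key(installed) <= version_key(ceiling)


def update_center_version(uc_json_text: str, plugin_id: str = PLUGIN_ID):
    """Current release advertised by update-center.actual.json (plain JSON; the
    update-center.json variant is JSONP-wrapped and must not be fed to json.loads)."""
    entry = json.loads(uc_json_text).get("plugins", {}).get(plugin_id)
    return entry["version"] if entry else None


def assess(manifest_text: str, uc_json_text: str) -> dict:
    """Combine both checks into one report for the installed plugin."""
    installed = manifest_version(manifest_text)
    available = update_center_version(uc_json_text)
    return {
        "installed": installed,
        "affected": is_affected(installed),
        "available": available,
        "newer_release_available": available is not None
        and version_key(available) > version_key(installed),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_MANIFEST, SAMPLE_UPDATE_CENTER))
```

A newer release in the update center is not by itself proof of a fix; pair the "newer_release_available" flag with the fixed version named in the Jenkins advisory before treating an upgrade as remediation.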
Permanent Fix:
Upgrade to the release that the Jenkins security advisory names as fixed once it is published; it will carry a version number above 374.v194b_d4f0c8c8 (this page's expectation is 375.x or later).
Analytics:
- Attack Surface: High (the payload runs in administrators' sessions on the Jenkins controller).
- Exploit Complexity: Moderate (no Jenkins credentials are needed, but the attacker must control the Health Advisor service's responses or defeat TLS between Jenkins and that service).
- Payload Impact: Arbitrary actions performed with an administrator's session, up to script-console code execution on the controller.
Sources:
Reported By: nvd.nist.gov