How the CVE Works
CVE-2025-27625 affects Jenkins versions 2.499 and earlier, including LTS 2.492.1. The vulnerability arises from improper validation of redirect URLs that begin with a backslash (`\`). Attackers can craft Jenkins URLs that redirect users to external phishing sites. Browsers treat a backslash as equivalent to a forward slash when parsing a URL, so a redirect target such as `\\example.com` is read as the scheme-relative `//example.com` and resolves to `http://example.com`, bypassing Jenkins' redirect safety check. This enables phishing campaigns in which users are silently redirected to attacker-controlled domains while believing they are still on a legitimate Jenkins page.
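The mechanism above, as an added Python example that is not Jenkins' code or part of the original post: `is_safe_redirect_weak` models a naive "is this a same-site path?" check that rejects explicit schemes and `//` but never looks at backslashes, `browser_normalize` models how a browser turns backslashes into slashes, `is_safe_redirect_hardened` is the corrected check, and `resolves_off_site` shows where a browser would actually end up. All function names and the hosts `jenkins.example` and `attacker.example` are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed origin for the examples; not a real instance.
ORIGIN = "http://jenkins.example"


def browser_normalize(location: str) -> str:
    """Model of WHATWG URL parsing for http(s): a browser treats every
    backslash in a Location value as a forward slash."""
    return location.replace("\\", "/")


def is_safe_redirect_weak(target: str) -> bool:
    """Naive 'same-site path?' check of the kind the advisory describes
    (hypothetical, not Jenkins' code): it rejects explicit schemes and
    '//' but never looks at backslashes, so '\\\\attacker.example' passes."""
    if "://" in target or target.startswith("//"):
        return False
    return True


def is_safe_redirect_hardened(target: str) -> bool:
    """Accept only a path on our own origin: one leading '/', no backslash
    or control characters, and no scheme/host once the browser's
    normalization has been applied."""
    if not target.startswith("/"):
        return False
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    normalized = browser_normalize(target)
    if normalized.startswith("//"):
        return False
    parts = urlsplit(normalized)
    return parts.scheme == "" and parts.netloc == ""


def resolves_off_site(target: str, origin: str = ORIGIN) -> bool:
    """True when a browser following this redirect would leave `origin`."""
    final = urljoin(origin + "/", browser_normalize(target))
    return urlsplit(final).netloc != urlsplit(origin).netloc


if __name__ == "__main__":
    for t in ["/job/build/", "//attacker.example",
              "\\\\attacker.example", "/\\attacker.example"]:
        print(f"{t!r:26} weak={is_safe_redirect_weak(t)!s:5} "
              f"hardened={is_safe_redirect_hardened(t)!s:5} "
              f"off-site={resolves_off_site(t)}")
```

The weak check accepts both `\\attacker.example` and `/\attacker.example` even though a browser resolves each to an external host; the hardened check rejects anything that is not a plain single-slash path after normalization, which is the property a redirect validator needs.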
DailyCVE Form
Platform: Jenkins
Version: ≤2.499, ≤2.492.1 (LTS)
Vulnerability: Open Redirect
Severity: Medium
Date: 06/23/2025
Prediction: Patch by 08/2025
What Undercode Says
Check Jenkins version (using the Jenkins CLI jar downloaded from the instance; `target-jenkins` is a placeholder host):
java -jar jenkins-cli.jar -s http://target-jenkins/ version
Example malicious URL (proof-of-concept):
http://target-jenkins/\attacker.com
Log analysis for exploit attempts (302 responses whose request line contains a raw or percent-encoded backslash):
grep ' 302 ' /var/log/jenkins/access.log | grep -iE '\\|%5C'
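The log check above, carried out as an added Python example rather than the post's grep pipeline (this is not Jenkins' code or part of the original post): it parses NCSA-style access log lines, keeps only 302 responses, percent-decodes the request target so `%5C` is caught as well, and flags any whose target contains a backslash. The log lines, the IPs, the host `attacker.example` and the function name `suspicious_redirects` are all constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed NCSA-style access log lines (not from a real instance). The two
# 10.0.0.7 requests carry a backslash redirect target, raw and percent-encoded;
# the 10.0.0.9 request is a legitimate same-site redirect and must not be flagged.
SAMPLE_LOG = """\
10.0.0.5 - - [23/Jun/2025:10:01:02 +0000] "GET /job/build/ HTTP/1.1" 200 5120
10.0.0.7 - - [23/Jun/2025:10:02:15 +0000] "GET /\\\\attacker.example HTTP/1.1" 302 0
10.0.0.7 - - [23/Jun/2025:10:02:40 +0000] "GET /login?from=%5C%5Cattacker.example HTTP/1.1" 302 0
10.0.0.9 - - [23/Jun/2025:10:03:01 +0000] "GET /login?from=/job/build/ HTTP/1.1" 302 0
"""

# client - - [timestamp] "METHOD target protocol" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_redirects(log_text: str) -> list:
    """Return the 302 responses whose request target contains a backslash,
    checking the percent-decoded form so an encoded %5C is caught too."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("status") != "302":
            continue
        target = unquote(m.group("target"))
        if "\\" in target:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "target": target})
    return hits


if __name__ == "__main__":
    for hit in suspicious_redirects(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} -> {hit['target']}")
```

Decoding before matching matters: a plain `grep '\\'` misses the `%5C%5C` form, and a 302 to a same-site `from=` value is normal Jenkins login behaviour, so only the backslash marks a request as worth investigating.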
How the Exploit Works
1. Attacker crafts a Jenkins URL with a backslash-redirect.
2. User clicks the link and is redirected to a phishing site.
3. Session tokens/credentials are harvested via a fake login.
Protection from this CVE
- Upgrade to patched version post-release.
- Implement WAF rules blocking backslashes (`\` and the URL-encoded `%5C`) in redirect parameters.
- Educate users on phishing risks.
Impact
- Phishing attacks leading to credential theft.
- Reputation damage for Jenkins instances.
- Potential secondary attacks (e.g., malware drops).
Sources:
Reported By: nvd.nist.gov
Extra Source Hub: Undercode