CVE-2025-31720

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration.

Published: Apr 2, 2025
Updated: Jun 30, 2025
CVE: CVE-2025-31720
GHSA: GHSA-565r-pf5q-45v6
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
jenkins / jenkins	-	2.492.3
jenkins / jenkins	-	2.504
org.jenkins-ci.main / jenkins-core	2.500	2.504
org.jenkins-ci.main / jenkins-core	-	2.492.3

https://github.com/jenkinsci/jenkins/commit/bf32018bf075c06e5df649583557c82d42d8bb5c
https://www.jenkins.io/security/advisory/2025-04-02/#SECURITY-3512

Vulnerability Database

289,599

CVE-2025-31720