CVE-2025-59474

MEDIUM

CVSS v3

5.3

MEDIUM

EPSS Score

0.1%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget.

Technical Details

Published
9/17/2025

Frequently Asked Questions

What is CVE-2025-59474?

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget.

Is CVE-2025-59474 actively exploited?

Active exploitation of CVE-2025-59474 has not been confirmed. The EPSS score is 0.1%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-59474?

CVE-2025-59474 has a CVSS v3 base score of 5.3 (MEDIUM severity).

Is CVE-2025-59474 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.