CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-64137

A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.6%

CVSS Severity

CVSS v3 Score 4.3

References

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3517
http://www.openwall.com/lists/oss-security/2025/10/29/2

Products affected by CVE-2025-64137

Jenkins » Themis » Version: 1.0

cpe:2.3:a:jenkins:themis:1.0
Jenkins » Themis » Version: 1.1

cpe:2.3:a:jenkins:themis:1.1
Jenkins » Themis » Version: 1.2

cpe:2.3:a:jenkins:themis:1.2
Jenkins » Themis » Version: 1.2.1

cpe:2.3:a:jenkins:themis:1.2.1
Jenkins » Themis » Version: 1.2.3

cpe:2.3:a:jenkins:themis:1.2.3
Jenkins » Themis » Version: 1.3

cpe:2.3:a:jenkins:themis:1.3
Jenkins » Themis » Version: 1.4

cpe:2.3:a:jenkins:themis:1.4
Jenkins » Themis » Version: 1.4.1

cpe:2.3:a:jenkins:themis:1.4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-64137

Products

Pricing

Contact Us