CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7b_a_a_123b_ and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a `javascript:` scheme URL as identifier by configuring the job through the REST API, resulting in a stored cross-site scripting (XSS) vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.6%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3611

Products affected by CVE-2025-67641

Jenkins » Coverage » Version: Any

cpe:2.3:a:jenkins:coverage:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-67641

Products

Pricing

Contact Us