What is the severity of CVE-2025-27624?

The severity of CVE-2025-27624 is considered moderate due to its potential to affect user interface settings in Jenkins.

How do I fix CVE-2025-27624?

To fix CVE-2025-27624, upgrade to Jenkins version 2.500 or later, or Jenkins LTS version 2.492.2 or later.

What does CVE-2025-27624 affect?

CVE-2025-27624 affects Jenkins 2.499 and earlier, as well as Jenkins LTS 2.492.1 and earlier.

What is the impact of CVE-2025-27624?

The impact of CVE-2025-27624 allows attackers to manipulate the collapsed/expanded status of sidepanel widgets through CSRF.

Who can be affected by CVE-2025-27624?

Any users of Jenkins versions 2.499 and earlier or Jenkins LTS versions 2.492.1 and earlier may be affected by CVE-2025-27624.

Vulnerability/
CVE-2025-27624

medium

5.4

CWE

352

EPSS

0.043%

5/3/2025

6/3/2025

CVE-2025-27624: CSRF

First published: Wed Mar 05 2025(Updated: )

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.499 and earlier, LTS 2.492.1 and earlier allows attackers to have users toggle their collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets).

Credit: jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
Jenkins LTS	<2.500
Jenkins	<2.492.2
maven/org.jenkins-ci.main:jenkins-core	<2.492.2	2.492.2
maven/org.jenkins-ci.main:jenkins-core	>=2.493<2.500	2.500

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-27624?
The severity of CVE-2025-27624 is considered moderate due to its potential to affect user interface settings in Jenkins.
How do I fix CVE-2025-27624?
To fix CVE-2025-27624, upgrade to Jenkins version 2.500 or later, or Jenkins LTS version 2.492.2 or later.
What does CVE-2025-27624 affect?
CVE-2025-27624 affects Jenkins 2.499 and earlier, as well as Jenkins LTS 2.492.1 and earlier.
What is the impact of CVE-2025-27624?
The impact of CVE-2025-27624 allows attackers to manipulate the collapsed/expanded status of sidepanel widgets through CSRF.
Who can be affected by CVE-2025-27624?
Any users of Jenkins versions 2.499 and earlier or Jenkins LTS versions 2.492.1 and earlier may be affected by CVE-2025-27624.

collector/mitre-cve
source/MITRE
agent/weakness
agent/type
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/author
collector/epss-latest
source/FIRST
agent/epss
collector/nvd-api
source/NVD
agent/references
agent/last-modified-date
agent/source
agent/severity
agent/softwarecombine
agent/description
agent/trending
agent/event
collector/nvd-cve
agent/tags
collector/github-advisory-latest
source/GitHub
alias/GHSA-7g95-jmg9-h524
alias/CVE-2025-27624
vendor/jenkins
canonical/jenkins lts
canonical/jenkins
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.