Security Advisory

CVE-2025-27625

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-05 22:33:36

Last updated 2025-03-06 16:14:45

Assigner jenkins

State PUBLISHED

Description

In Jenkins 2.499 and earlier, LTS 2.492.1 and earlier, redirects starting with backslash (``) characters are considered safe, allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site, because browsers interpret these characters as part of scheme-relative redirects.

← Browse all CVEs View on cve.org ↗