BlazeMeter Jenkins Plugin 4.27 Info Disclosure via Denied Permission Dropdown
CVE-2025-13472 Published on December 3, 2025

Missing authorization in BlazeMeter Jenkins Plugin
A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.

NVD

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2025-13472 has been classified to as an AuthZ vulnerability or weakness.

Affected Versions

Perforce BlazeMeter:

Before 4.27 is affected.

Exploit Probability

EPSS

0.06%

Percentile

18.49%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

BlazeMeter Jenkins Plugin 4.27 Info Disclosure via Denied Permission DropdownCVE-2025-13472 Published on December 3, 2025

Weakness Type

What is an AuthZ Vulnerability?

Affected Versions

Exploit Probability

BlazeMeter Jenkins Plugin 4.27 Info Disclosure via Denied Permission Dropdown
CVE-2025-13472 Published on December 3, 2025