Git Parameter Plugin Unvalidated Input Enables Arbitrary Git Parameters
CVE-2025-53652 Published on July 9, 2025
Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.
Vulnerability Analysis
CVE-2025-53652 is exploitable over the network and requires neither authorization privileges nor user interaction. Its attack complexity is considered low. A successful exploit is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Affected Versions
Jenkins Project Jenkins Git Parameter Plugin: versions up to and including 439.vb_0e46ca_14534 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.