Developer Tools

In Jenkins versions 2.540 and earlier, including LTS 2.528.2 and earlier a high severity vulnerability CVE-2025-67635 was detected. This vulnerability allows unauthenticated attackers to cause a denial of service due to HTTP-based CLI connections not being properly closed when the connection stream becomes corrupted. To address this issue, users should upgrade to Jenkins version 2.541 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67635.

In Gogs versions 0.13.3 and prior a high severity vulnerability CVE-2025-8110 was detected. This vulnerability allows local attackers to execute arbitrary code by exploiting improper symbolic link handling in the `PutContents` file update API. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8110.

In Jenkins versions 2.540 and earlier, including LTS 2.528.2 and earlier a low severity vulnerability CVE-2025-67639 was detected. This vulnerability allows attackers to perform cross-site request forgery (CSRF) attacks that can trick users into logging in to the attacker’s account. To address this issue, users should upgrade Jenkins to versions 2.541 or 2.528.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67639.

In Jenkins versions 2.540 and earlier, including LTS 2.528.2 and earlier a medium severity vulnerability CVE-2025-67638 was detected. This vulnerability allows attackers to observe and capture build authorization tokens because they are not properly masked in the job configuration form. To address this issue, users should upgrade Jenkins to versions 2.541 or 2.528.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67638.

In Jenkins versions 2.540 and earlier, including LTS 2.528.2 and earlier a medium severity vulnerability CVE-2025-67637 was detected. This vulnerability allows users with Item/Extended Read permissions or access to the Jenkins controller file system to view unencrypted build authorization tokens stored in job `config.xml` files, exposing sensitive information. To address this issue, users should upgrade Jenkins to versions 2.541 or 2.528.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67637.

In Jenkins versions 2.540 and earlier, including LTS 2.528.2 and earlier a medium severity vulnerability CVE-2025-67636 was detected. This vulnerability allows attackers with View/Read permissions to view encrypted password values due to a missing permission check. To address this issue, users should upgrade Jenkins to versions 2.541 or 2.528.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-67636.

In GitLab CE/EE versions 11.10 through 18.4.5, 18.5 through 18.5.3, and 18.6 through 18.6.1 a high severity vulnerability CVE-2025-4097 was detected. This vulnerability allows authenticated users to trigger a denial-of-service condition by uploading specially crafted images. To address this issue, users should upgrade GitLab CE/EE to versions 18.4.6, 18.5.4 or 8.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4097.

In GitLab CE/EE versions 15.11 through 18.4.5, 18.5 through 18.5.3, and 18.6 through 18.6.1 a high severity vulnerability CVE-2025-12029 was detected. This vulnerability allows unauthenticated attackers to perform unauthorized actions on behalf of other users by injecting malicious external scripts into the Swagger UI. To address this issue, users should upgrade GitLab CE/EE versions 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12029.

In GitLab CE/EE versions 13.1 through 18.4.5, 18.5 through 18.5.3, and 18.6 through 18.6.1 a medium severity vulnerability CVE-2025-11984 was detected. This vulnerability allows authenticated attackers to bypass WebAuthn two-factor authentication by manipulating the session state under specific conditions. To address this issue, users should upgrade GitLab CE/EE to versions 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-11984.