CVE-2025-32754 | THREATINT

Description

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.

PUBLISHED Reserved 2025-04-10 | Published 2025-04-10 | Updated 2025-04-10 | Assigner jenkins

Product status

Default status

unaffected

Any version

affected

References

www.jenkins.io/security/advisory/2025-04-10/ (Jenkins Security Advisory 2025-04-10) vendor-advisory

cve.org (CVE-2025-32754)

nvd.nist.gov (CVE-2025-32754)

Download JSON