CVE-2025-53651 | THREATINT

Description

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log.

PUBLISHED Reserved 2025-07-08 | Published 2025-07-09 | Updated 2025-11-04 | Assigner jenkins

Product status

Default status

unaffected

Any version

affected

Credits

Kyler Katz finder

References

www.openwall.com/lists/oss-security/2025/07/09/4

www.jenkins.io/security/advisory/2025-07-09/ (Jenkins Security Advisory 2025-07-09) vendor-advisory

cve.org (CVE-2025-53651)

nvd.nist.gov (CVE-2025-53651)

Download JSON