CVE-2025-64134

CVSS 7.1 HIGHEPSS 0.3%CWE-611

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

29 Oct 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Affected products

Jenkins Project · Jenkins JDepend Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-2936 http://www.openwall.com/lists/oss-security/2025/10/29/2