15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)


A new report by VulnCheck exposes a critical command injection flaw (CVE-2025-53652) in the Jenkins Git Parameter plugin. Find out how this vulnerability, initially rated as medium, could allow hackers to achieve remote code execution and compromise thousands of unauthenticated Jenkins servers.

A new security analysis from the firm VulnCheck has revealed that a vulnerability in the popular Jenkins automation server is more dangerous than previously thought. The flaw, officially identified as CVE-2025-53652, was initially rated as a medium-level threat but has been found to allow for a severe type of attack known as command injection. This could potentially let hackers take complete control of a server.

Jenkins is a powerful open-source tool that companies use to automate tasks in software development. The vulnerability specifically affects a feature called the Git Parameter plugin, which lets developers easily select and use different versions or branches ...


Copyright of this story solely belongs to hackread.com.