What is the CVSS score of CVE-2025-53652?

CVE-2025-53652 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Git Parameter are affected by CVE-2025-53652?

CVE-2025-53652 presents notable security risk, a input validation vulnerability rated CVSS 8.2.. A patch is available.

How to fix or mitigate CVE-2025-53652?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Git Parameter CVE-2025-53652

EUVD-2025-20862 HIGH

Improper Input Validation (CWE-20)

2025-07-09 jenkinsci-cert@googlegroups.com

GHSA-qcj2-99cg-mppf

Code Injection Jenkins Git Parameter

8.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 16, 2026 - 06:20 euvd

EUVD-2025-20862

Analysis Generated

Mar 16, 2026 - 06:20 vuln.today

CVE Published

Jul 09, 2025 - 16:15 nvd

HIGH 8.2

DescriptionNVD

Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.

Analysis

Technical ContextAI

This vulnerability is classified as Improper Input Validation (CWE-20).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

More from same product – last 7 days

CVE-2026-48920 HIGH This Week

8.8 May 27

Arbitrary file disclosure in the Jenkins Email Extension Plugin (email-ext) versions 1933.v45cec755423f and earlier lets

CVE-2026-48922 HIGH This Week

7.5 May 27

Arbitrary file write in the Jenkins Credentials Binding Plugin (version 720.v3f6decef43ea_ and earlier) lets users who c

CVE-2026-48921 HIGH This Week

7.5 May 27

Arbitrary file read on the Jenkins controller is possible in the Jenkins 'Pipeline: Groovy Libraries Plugin' (version 79

CVE-2026-48919 MEDIUM This Month

6.6 May 27

Unsafe deserialization in Jenkins Active Directory Plugin 2.41 and earlier allows a remote attacker holding administrati

CVE-2026-48918 MEDIUM This Month

6.6 May 27

Server-Side Request Forgery in Jenkins Active Directory Plugin 2.41 and earlier enables a highly privileged attacker to

CVE-2025-53652 vulnerability details – vuln.today

Back

Git Parameter CVE-2025-53652

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code