Jenkins - Authorization Bypass (CVE-2025-59474)
88Exploiting IPs reported
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget.
CrowdSec analysis
CVE-2025-59474 is a vulnerability in Jenkins that allows attackers without Overall/Read permission to enumerate agent names via the sidepanel executors widget. This information disclosure flaw could aid threat actors in reconnaissance efforts, potentially facilitating further targeted attacks against Jenkins environments.
CrowdSec has been tracking this vulnerability and its exploits since 15th of October 2025.
CrowdSec network observations suggest that most exploitation of CVE-2025-59474 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. In addition, according to the CrowdSec network, attack volume against CVE-2025-59474 has dipped slightly compared to the previous week. Although still commonly targeted, the decline suggests a cooling-off period. Long-term relevance remains, but attention is waning.
Attackers probe Jenkins endpoints such as /securityRealm/signup and /jenkins/securityRealm/signup to access the sidepanel and enumerate agent names via the "Build Executor Status" widget, even without Overall/Read permissions.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.