Jenkins - Authorization Bypass (CVE-2025-59474)
105Exploiting IPs reported
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget.
CrowdSec analysis
CVE-2025-59474 is a vulnerability in Jenkins that allows attackers without Overall/Read permission to enumerate agent names via the sidepanel executors widget. This information disclosure flaw could aid threat actors in reconnaissance efforts, potentially facilitating further targeted attacks against Jenkins environments.
CrowdSec has been tracking this vulnerability and its exploits since 15th of October 2025.
CrowdSec network observations suggest that most exploitation of CVE-2025-59474 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. CrowdSec data also reveals a clear uptick in attacks involving CVE-2025-59474 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.
Attackers probe Jenkins endpoints such as /securityRealm/signup and /jenkins/securityRealm/signup to access the sidepanel and enumerate agent names via the "Build Executor Status" widget, even without Overall/Read permissions.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.