CVE-2025-64134

Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks.

Published Oct 30, 2025

https://github.com/advisories/GHSA-jfg6-4gx3-3v7w

CVSS ScoreHigh

7.1

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-64134

Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks.

Published Oct 30, 2025

https://github.com/advisories/GHSA-jfg6-4gx3-3v7w

CVSS ScoreHigh

7.1


maven	org.jenkins-ci.plugins/jdepend	1.2.4
maven	org.jenkins-ci.plugins/jdepend	1.3.0
maven	org.jenkins-ci.plugins/jdepend	1.3.1

Ecosystem	Package	Version


maven	org.jenkins-ci.plugins/jdepend	1.2.4
maven	org.jenkins-ci.plugins/jdepend	1.3.0
maven	org.jenkins-ci.plugins/jdepend	1.3.1

Find vulnerabilities. Fix fast with AI.

CVE-2025-64134

CVE-2025-64134