CVE-2025-64137

A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

Published Oct 30, 2025

https://github.com/advisories/GHSA-jwm4-955w-4hj3

CVSS ScoreMedium

4.3

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-64137

A missing permission check in Jenkins Themis Plugin 1.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.

Published Oct 30, 2025

https://github.com/advisories/GHSA-jwm4-955w-4hj3

CVSS ScoreMedium

4.3


maven	org.jenkins-ci.plugins/themis	1.0
maven	org.jenkins-ci.plugins/themis	1.1
maven	org.jenkins-ci.plugins/themis	1.2.1
maven	org.jenkins-ci.plugins/themis	1.2.3
maven	org.jenkins-ci.plugins/themis	1.2
maven	org.jenkins-ci.plugins/themis	1.3
maven	org.jenkins-ci.plugins/themis	1.4.1
maven	org.jenkins-ci.plugins/themis	1.4

Ecosystem	Package	Version


maven	org.jenkins-ci.plugins/themis	1.0
maven	org.jenkins-ci.plugins/themis	1.1
maven	org.jenkins-ci.plugins/themis	1.2.1
maven	org.jenkins-ci.plugins/themis	1.2.3
maven	org.jenkins-ci.plugins/themis	1.2
maven	org.jenkins-ci.plugins/themis	1.3
maven	org.jenkins-ci.plugins/themis	1.4.1
maven	org.jenkins-ci.plugins/themis	1.4

Find vulnerabilities. Fix fast with AI.

CVE-2025-64137

CVE-2025-64137