Jenkins URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2025-27625 - Vulnerability Database

Jenkins URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2025-27625

Medium

Reference: CVE-2025-27625

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-27625

Title: Jenkins URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Overview:

In Jenkins 2.499 and earlier LTS 2.492.1 and earlier redirects starting with backslash () characters are considered safe allowing attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site because browsers interpret these characters as part of scheme-relative redirects.