CVE-2025-67640

Vulnerability Description

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands.

Vulnerability Details

Published Date

December 10, 2025

Last Modified

December 17, 2025

Source

NVD

CVE-2025-67640

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment