CIRT.GY | Jenkins Security Advisory (10th, December 2025)

Jenkins Security Advisory (10th, December 2025)

Ref# ADV2025_425 | Date: Dec 12th 2025

Jenkins published a security advisory highlighting vulnerabilities in the following product on December 10th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated.

BlazeMeter – version 4.27

Coverage – version 2.3054.ve1ff7b_a_a_123b_ and prior

Git client – version 6.4.0 and prior

HashiCorp Vault – version 371.v884a_4dd60fb_6 and prior

Redpen – Pipeline Reporter for Jira – version 1.054.v7b_9517b_6b_202 and prior

For more information on this update, you can follow this URL:

https://www.cyber.gc.ca/en/alerts-advisories/jenkins-security-advisory-av25-826

The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary.

References

Jenkins Security advisories. (December 10th, 2025). Retrieved from Canadian Centre for Cyber Security
https://www.cyber.gc.ca/en/alerts-advisories/jenkins-security-advisory-av25-826

Jenkins Security Advisory 2025-12-10. (2025, December 10). Jenkins Security Advisory 2025-12-10. https://www.jenkins.io/security/advisory/2025-12-10/