CVE-2025-64134 - CERT CVE

  1. CVE-2025-64134

ID CVE-2025-64134
Sažetak Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks.
Reference
CVSS
Base: 7.1
Impact: 4.2
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW LOW
Impact
PovjerljivostCjelovitostDostupnost
HIGH LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Zadnje važnije ažuriranje 30-10-2025 - 15:03
Objavljeno 29-10-2025 - 14:15