CVE-2025-64134: Jenkins JDepend Plugin vulnerable to XML external entity attacks

CVSS Score (v3.1): 7.1

Basic Information

EPSS Score: -
Published: 10/29/2025
Updated: 10/29/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Package Name: org.jenkins-ci.plugins:jdepend
Ecosystem: maven
Vulnerable Versions: <= 1.3.1
First Patched Version: -

Vulnerability Intelligence
Miggo AI Root Cause Analysis: In progress

WAF Protection Rules

WAF Rule

Jenkins JDepend Plugin 1.3.1 and earlier includes an outdated version of JDepend Maven Plugin that does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to configure input files for the "Report JD

Reasoning

No analysis available