SB2025041510 - Host key reuse in Jenkins ssh-slave Docker images
Published: April 15, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Reusing a Nonce, Key Pair in Encryption (CVE-ID: CVE-2025-32755)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because, in Debian-based images, the SSH host keys are generated when the image is built rather than when a container starts, so every build agent launched from the same image presents the same host key (the key reuse named in the title). A remote attacker who can insert themselves into the network path between the SSH client and the SSH build agent can impersonate the agent.
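One way to detect this condition from the client side, as an added example that is not part of the bulletin and not code from the Jenkins project: collect the host key each build agent presents (the format below matches `ssh-keyscan` output, "host keytype base64-blob"), compute the OpenSSH-style SHA256 fingerprint of each, and report any fingerprint shared by more than one agent. The host names and key blobs are constructed sample data, not real keys; the blobs are only syntactically valid base64 with an ed25519 header.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed sample data (not real keys): a made-up ed25519 wire-format header
# followed by filler bytes. agent-a and agent-b present the identical blob, which
# is what an image-embedded host key looks like from the client's point of view.
BLOB_ONE = "AAAAC3NzaC1lZDI1NTE5AAAAI" + "A" * 43
BLOB_TWO = "AAAAC3NzaC1lZDI1NTE5AAAAI" + "B" * 43

KEYSCAN_OUTPUT = "\n".join([
    "# constructed ssh-keyscan style output; comment lines are ignored",
    "agent-a ssh-ed25519 " + BLOB_ONE,
    "agent-b ssh-ed25519 " + BLOB_ONE,
    "agent-c ssh-ed25519 " + BLOB_TWO,
])


def parse_keyscan(text: str) -> dict[str, str]:
    """Map each host in ssh-keyscan style output to its '<keytype> <blob>' line.
    Blank lines and '#' comment lines are skipped; malformed lines raise."""
    hosts: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(maxsplit=2)
        if len(fields) != 3:
            raise ValueError(f"malformed keyscan line: {raw!r}")
        host, keytype, blob = fields
        hosts[host] = f"{keytype} {blob}"
    return hosts


def sha256_fingerprint(pubkey_line: str) -> str:
    """Return the OpenSSH-style fingerprint 'SHA256:<base64 digest without padding>'
    of a public key line of the form '<keytype> <base64 blob> [comment]'."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<keytype> <base64 blob> [comment]'")
    blob = base64.b64decode(fields[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def find_shared_host_keys(agent_keys: dict[str, str]) -> dict[str, list[str]]:
    """Group agents by host key fingerprint and return only groups with more than
    one member. Agents in such a group cannot be told apart by their host key, so
    a client that has trusted one of them would also accept an impersonator that
    holds the same private key."""
    by_fingerprint: dict[str, list[str]] = defaultdict(list)
    for agent, line in agent_keys.items():
        by_fingerprint[sha256_fingerprint(line)].append(agent)
    return {fp: sorted(agents) for fp, agents in by_fingerprint.items() if len(agents) > 1}


if __name__ == "__main__":
    shared = find_shared_host_keys(parse_keyscan(KEYSCAN_OUTPUT))
    if not shared:
        print("no shared host keys found")
    for fp, agents in shared.items():
        print(f"host key {fp} is shared by: {', '.join(agents)}")
```

Running the script over the constructed data reports one shared fingerprint for agent-a and agent-b and nothing for agent-c. Against a real fleet the same check reads `ssh-keyscan` output for every agent; any agents that share a fingerprint were almost certainly started from an image with the host key baked in and should have their keys regenerated at container start.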
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.