Multiple Jenkins Docker Images Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-32754 CVSS:5.6

Jenkins jenkins/ssh-agent Docker images could allow a remote attacker to access to the network path between the SSH client and SSH build agent to impersonate the latter, caused by the use of same SSH host keys in containers with same version.

CVE-2025-32755 CVSS:5.6

Jenkins jenkins/ssh-slave Docker images could allow a remote attacker to access to the network path between the SSH client and SSH build agent to impersonate the latter, caused by the use of same SSH host keys in containers with same version.

Impact

Security Bypass

Indicators of Compromise

CVE

CVE-2025-32754
CVE-2025-32755

Affected Vendors

Jenkins

Affected Products

Jenkins ssh-agent Docker images - 6.11.1
Jenkins ssh-slave Docker images

Remediation

Upgrade to the latest version of Jenkins, available from the Jenkins Security Advisory.

Jenkins Security Advisory

SideWinder APT Group aka Rattlesnake – Active IOCs

CVE-2025-33079 – IBM Controller Vulnerability

Multiple Jenkins Docker Images Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan