CVE-2025-47888 – Jenkins DingTalk Plugin SSL/TLS Certificate Validation Bypass Vulnerability

May 14, 2025

CVE ID : CVE-2025-47888

Published : May 14, 2025, 9:15 p.m. | 1 hour, 51 minutes ago

Description : Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47889 – Jenkins WSO2 Oauth Plugin Authentication Bypass Vulnerability

Next Article CVE-2025-47887 – Jenkins Cadence vManager Plugin Unauthenticated Remote Code Execution

Highlights

CVE-2025-6445 – ServiceStack Directory Traversal Remote Code Execution Vulnerability

June 25, 2025

CVE ID : CVE-2025-6445

Published : June 25, 2025, 6:15 p.m. | 44 minutes ago

Description : ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the implementation of the FindType method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25837.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Never Stop Exploring (July 2025 Wallpapers Edition)

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

I never thought I’d praise a kickstand power bank – until I tried this one

I replaced my work PC with this Alienware laptop – now I’m wondering why I hadn’t done this sooner

How to set up Alexa to receive notifications on Prime Day deals you want

How proxy servers actually work, and why they’re so valuable

What’s the difference between named functions and arrow functions in JavaScript?

What’s the difference between named functions and arrow functions in JavaScript?

Spring Boot + Swagger: A Complete Guide to API Documentation

Wire Room Math: AI + SME = (Less Compensation Paid) X (Headline Risk + Payment Errors)^2

Artix Linux: Introduzione di XLibre nelle Build Sperimentali

Artix Linux: Introduzione di XLibre nelle Build Sperimentali

Orange Pi R2S Single Board Computer Running Linux: Introduction

vmstat – reports virtual memory statistics

CVE-2025-47888 – Jenkins DingTalk Plugin SSL/TLS Certificate Validation Bypass Vulnerability

⚡ Weekly Recap: Airline Hacks, Citrix 0-Day, Outlook Malware, Banking Trojans and more

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

Now Generally Available: 7 New Resource Policies to Strengthen Atlas Security

CVE-2025-43948 – Codemers KLIMS Python Code Injection Vulnerability

Behind the Curtain: Building Aurel’s Grand Theater from Design to Code

iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)

CVE-2025-6445 – ServiceStack Directory Traversal Remote Code Execution Vulnerability

Hackers Actively Exploiting Langflow RCE Vulnerability to Deploy Flodrix Botnet

Crafting Strong DX With Astro Components and Typescript

Hack the model: Build AI security skills with the GitHub Secure Code Game

CVE-2025-47888 – Jenkins DingTalk Plugin SSL/TLS Certificate Validation Bypass Vulnerability

Related Posts