CVE-2025-32754

Published: Apr 10, 2025

Modified: Apr 10, 2025

PUBLISHED

Description

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.

Vendor	Product	Versions
Jenkins Project	Jenkins jenkins/ssh-agent Docker images	affected `0 - <= 6.11.1`

References

Jenkins Security Advisory 2025-04-10

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-32754

Description

Affected Products

References