CVE-2025-31723
published 2025-04-02

CVE-2025-31723: A cross-site request forgery (CSRF) vulnerability in Jenkins Simple Queue Plugin 1.4.6 and earlier allows attackers to change and reset the build queue order.

Priority: P417
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.25% (16.0th percentile)

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | asakusasatellite_plugin | | |
| jenkins | cadence_vmanager_plugin | | |
| jenkins | jenkins_core | | |
| jenkins | jenkins_lts | | |
| jenkins | jenkins_weekly | | |
| jenkins | simple_queue | < 1.4.7 | 1.4.7 |
| jenkins | simple_queue_plugin | | |
| jenkins | stack_hammer_plugin | | |
| jenkins | templating_engine_plugin | | |
| jenkins_project | jenkins_simple_queue_plugin | <= 1.4.6 | |