CVE-2025-31721: 
Java vulnerability analysis and mitigation

CVE-2025-31721 is a security vulnerability discovered in Jenkins, affecting versions 2.503 and earlier, and LTS 2.492.2 and earlier. The vulnerability was disclosed on April 2, 2025, and is identified as SECURITY-3513 in Jenkins security advisory. This vulnerability stems from a missing permission check in an HTTP endpoint that affects the Jenkins core system (Jenkins Advisory).

The vulnerability is characterized by a missing permission check in Jenkins' HTTP endpoint, which is related to agent configuration handling. The issue has been assigned a Medium severity CVSS rating with a base score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). The vulnerability is classified under CWE-862 (Missing Authorization) (NVD).

The vulnerability allows attackers with Agent/Create permission but without Agent/Configure permission to copy an agent and gain unauthorized access to encrypted secrets stored in its configuration. This represents a significant security risk as it could lead to the exposure of sensitive information (Jenkins Advisory).

The vulnerability has been fixed in Jenkins 2.504 and LTS 2.492.3. The fix implements proper permission checks requiring Agent/Configure permission to copy an agent containing secrets. Organizations using affected versions should upgrade to these patched versions to mitigate the risk (Jenkins Advisory).