cvedb.io
CVE-2025-32755
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2025-04-10T12:15:16.547 · Last modified 2026-06-17T09:12:32.583

Summary

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation, causing all containers based on images of the same version to use the same SSH host keys. This allows attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and the SSH build agent to impersonate the latter.

Affected products

jenkins — ssh-slave

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.