In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.
{ "versions": [ { "introduced": "0" }, { "fixed": "2.5.4" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-31722.json"